
New Member

How can I get a VPN Client's connection to be NAT-ted

I installed a router on a customer site to replace a PC that did NAT on a cable modem connection.

On the router NAT is done to get all of the PCs on the LAN to get to the Internet.

But... one of the users is using a VPN client to get to his office. With the PC installed there was no problem, but since the router is in place he cannot connect.

Because I specialized in dial-up networks my knowledge of NAT and VPN-clients.

Is there someone who knows how to get this user's VPN client-session to be NAT-ted?

Regards,

Martijn Koopsen

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: How can I get a VPN Client's connection to be NAT-ted

If you have overload configured, then you are patting the traffic. In any case, you should at least be able to establish the connection, as IPSec uses UDP 500 for negotiating the tunnel. If you are not able to pass any traffic, that's another issue. Once the tunnel is established, the traffic can be encrypted using the ESP protocol, which cannot be patted in normal circumstances. If this is a Cisco IPsec client, then you have to find out what the termination device is. If it is a 3K concentrator, then you could enable IPSec thru UDP to work around the ESP problem.

Hope that helps

Jazib
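An added example, not part of the original thread and not Cisco code: it parses three constructed IPv4 packets to show the distinction the answer draws, namely that IKE on UDP 500 and UDP-wrapped ESP expose port fields an overloading NAT can rewrite, while native ESP (IP protocol 50) carries only an SPI. The addresses, SPI and the UDP ports 40000/10000 are constructed sample values.

```python
import struct

# IANA IP protocol numbers: TCP and UDP carry port fields, ESP does not.
PROTO_TCP, PROTO_UDP, PROTO_ESP = 6, 17, 50
IKE_PORT = 500  # UDP port the answer names for tunnel negotiation

def ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def esp(spi, seq, data):
    # An ESP header is SPI + sequence number; there is no port field.
    return struct.pack("!II", spi, seq) + data

def pat_view(packet):
    """Report which fields a port-overloading NAT could key a translation on."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto in (PROTO_TCP, PROTO_UDP):
        sport, dport = struct.unpack("!HH", body[:4])
        ike = proto == PROTO_UDP and IKE_PORT in (sport, dport)
        kind = "IKE negotiation" if ike else "TCP/UDP flow"
        return {"kind": kind, "ports": (sport, dport), "has_ports": True}
    if proto == PROTO_ESP:
        spi, _seq = struct.unpack("!II", body[:8])
        return {"kind": "ESP", "spi": spi, "ports": None, "has_ports": False}
    # Other protocols are outside what this example assesses.
    return {"kind": f"protocol {proto}", "ports": None, "has_ports": None}

# Constructed samples: IKE, native ESP, and the same ESP payload inside UDP.
SAMPLES = [
    ipv4(PROTO_UDP, udp(500, 500, b"ike")),
    ipv4(PROTO_ESP, esp(0x1000, 1, b"ciphertext")),
    ipv4(PROTO_UDP, udp(40000, 10000, esp(0x1000, 2, b"ciphertext"))),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pat_view(pkt))
```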

3 REPLIES
Bronze

Re: How can I get a VPN Client's connection to be NAT-ted

Hi Martijn,

Are you natting or patting the traffic? What I mean is, do you have a static one-to-one mapping configured on the router, or do you have the "overload" keyword in the NAT statements on the router? What type of a router is that?

What type of a VPN client is that? Is it a Cisco Client? Where is the VPN connection getting terminated at?

Jazib

New Member

Re: How can I get a VPN Client's connection to be NAT-ted

I am natting the traffic. I am overloading the address configured on one of the interfaces. The router is a rather oldish one (2514). The client is not the Cisco Client as far as I know, but if you want to know for sure I can tell you later.

The VPN tunnel gets terminated on the other "side" of the internet, so that is behind the router and the cable modem in a network I don't control.

