Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with NATing over VPN

Hi,

I have a Cisco Systems, Inc./VPN 3000 Concentrator Version 3.5.2.Rel Feb 14 2002 12:10:21. I am trying enable NAT so my users can browse the internet while vpning into my network (this is a must have per our users) I have a private IP on my private inferface. I have IPSec over UDP enabled and NAT enabled with 192.168.1.1/24 map udp/tcp enabled but it's not working.

Am I missing anything?

Client: 3.5.1

Should I update my client and vpn concentrator?

Thanks

Jenn

3 REPLIES
Cisco Employee

Re: Problem with NATing over VPN

Hi Jenn,

How are you assigning ip addresses to the remote users. If its a pool of ip addresses then make sure that you have added the pool of ip addresses in the interface rules under NAT.

You dont have to upgrade the client and VPN3000 at this point of time, it should be more of a config issue than a code issue.

Regards,

Arul

Cisco Employee

Re: Problem with NATing over VPN

Hi,

Just a quick clarification, I guess you want to tunnel all traffic from the client to the VPN3000 and have the VPN3000 do the PAT and send the traffic to the internet.

If this is not the case, then Split Tunneling might be an option for you.

Anyways, will wait for your update.

Regards,

Arul

Cisco Employee

Re: Problem with NATing over VPN

Also, you'll have to put the Private filter on the Public interface, since the standard Public filter only allows encrypted pckets in and out. If, as Arul said, you don't want to do split tunnelling but want your users to come into the concentrator encrypted then go back out to the Internet, you'll need to allow that in the filter.

Are you aware of split tunnelling, were only certain trraffic is encrypted and the rest goes out to the Internet as a normal packet? That may be a better solution for you than what you're trying to do.

86
Views
0
Helpful
3
Replies
CreatePlease to create content