Problems with IPSec and static NAT

pemelin
Level 1

I have an IPSec tunnel up and running between two IOS routers, and it works except for one host. I have a static NAT entry for this host so it can be addressed from the outside, but then the "internal" traffic won't go through the tunnel. How can I set this up so the traffic from this host will not be NATed when it should go through the tunnel?

2 Replies

joels
Level 1

You need to set up the access-list for the crypto map to only allow the specific protocols needed to go LAN-to-LAN. Remember, data is always NAT'd first, so you need to deny the traffic you need encrypted in your NAT ACL, then permit it in your crypto ACL.

jomccloud
Level 1

You need to establish an access-list that bypasses NAT for specific source or destination networks. Notice the use of a route-map with a network access-list that bypasses NAT.

(http://www.cisco.com/warp/public/707/overload_private.html)
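The two replies above describe the same fix from two angles: on IOS, inside-to-outside traffic is translated before it is matched against the crypto ACL, so VPN-bound traffic must be excluded from NAT and then permitted in the crypto ACL. The following is an added example configuration for the router on the host's side of the tunnel; it is not from the original thread or from the linked Cisco document. All addresses, ACL numbers, interface names and the route-map, transform-set and crypto map names are assumptions chosen for illustration: the local LAN is 192.168.1.0/24, the remote LAN behind the peer is 192.168.2.0/24, the host with the static NAT entry is 192.168.1.10 with public address 203.0.113.10, and the peer is 203.0.113.2.

```cisco
! Route-map that decides WHEN the static NAT entry applies.
! ACL 110: deny = do not translate (tunnel traffic), permit = translate (Internet traffic).
access-list 110 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
!
route-map NONAT permit 10
 match ip address 110
!
! Static NAT for the one host, conditioned on the route-map so that
! packets to the remote LAN keep their private source address.
ip nat inside source static 192.168.1.10 203.0.113.10 route-map NONAT
!
! PAT for the rest of the LAN, using the same route-map so the same
! tunnel subnet is exempted from translation.
ip nat inside source route-map NONAT interface Serial0/0 overload
!
! Crypto ACL: exactly the LAN-to-LAN traffic that was denied in ACL 110.
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address 120
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description WAN / VPN
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 crypto map VPN
```

The key point is that the same source/destination pair is denied in the NAT ACL and permitted in the crypto ACL; if the two do not line up, the host's packets leave with the translated 203.0.113.10 source, never match the crypto ACL, and go out in the clear instead of through the tunnel. After applying this, `show ip nat translations` should show no entry for 192.168.1.10 talking to 192.168.2.0/24, while `show crypto ipsec sa` should show the encaps/decaps counters for that host increasing; ISAKMP policy and pre-shared key configuration for the peer are assumed to already exist, as in the original question.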
