Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Public IP to private IP NAT question

We have a client that is trying to establish a VPN tunnel using a Cisco 1761 router to our non-cisco device. The client LAN uses publicly routable IP addresses on their LAN. They are connecting to a private IP in our DMZ. The tunnel does come up when traffic matches the access list attached to the VPN policy but we do not see any of the packets. I suspect that they will need to NAT one of their publicly routable IPs to our private IP address.

They used the Cisco SDM toll to create the VPN connection. Any help is appreciated.


Re: Public IP to private IP NAT question

Sounds like a NAT or routing issue. Unfortunately your end is non-Cisco so I can't help debug that. Could you stick ethereal on something at your end to see the packets from them? That might help.

Have you got a copy of the cisco config?

Re: Public IP to private IP NAT question


what IP addresses are negotiated to be encrypted across the VPN? Do those networks match/include the IP addresses used? It could also be a configuration issue in that the crypto map on the Cisco or the according thing in your device do either not match or not include the desired source and destination IPs.

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: Public IP to private IP NAT question

I do not see any packets from them through the tunnel. I have attached the config as well. Also, when they do a traceroute from a PC inside their network, they see the Fa0/0 interface show up as 2 consecutive hops (2 and 3 I believe).