Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN 3000 Concentrator and DSL sites

I set up a 3000 Concentrator at the main office in my company. We were hoping to give access to our numerous small offices around the country which have access to the Internet via a DSL line. All of the sites run NAT to a local PDC/DHCP and the rest of PC's get out using PAT. In order for a user to connect to us via VPN, we need to assign a static IP address the his/her PC and NAT that IP address to an outside address. This becomes a logistical nightmare, concidering we have only several outside IP address for each site and there are over 300 sites around the country. Does anyone have a solution to the problem?

2 REPLIES
Community Member

Re: VPN 3000 Concentrator and DSL sites

I don’t see a way around this one. Port address translation cannot handle IP protocols used for VPN. It does require it’s own IP address and unfortunately I don’t believe there is a workaround for this

Community Member

Re: VPN 3000 Concentrator and DSL sites

If you set up the 3005 Group for Transparent NAT, the client software will wrap the ESP IPsec packet in UDP. This capability allows the IPsec packet to be PAT'd.

300
Views
0
Helpful
2
Replies
CreatePlease to create content