Cisco Support Community
Community Member

VPN and NAT

I have the following network

Outside IP Address 1.1.1.1

Inside IP Address 2.2.2.2

Now I am using PAT for internet usage. I plan on doing a site-to-site IPsec VPN tunnel. I want to hide the inside network 2.2.2.0 from the remote network 3.3.3.0, but allow traffic between the 2 sites and not interfere with the internet traffic.

How do I set up NAT to support the internet traffic and a site-to-site VPN tunnel?

1 REPLY

Re: VPN and NAT

You can refer to the following link for configuring S-S VPN.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/sit2site.htm

When you configure S-S VPN, you will be configuring an access-list which specifies the traffic to be encrypted. This would be the traffic with a source IP address from the 2.2.2.0 network and a destination address from the 3.3.3.0 network.

Now the same traffic should not be NATed. This can be achieved using a NAT 0 access-list.

Check this link for configuring NAT 0 access-list.

http://www.cisco.com/warp/public/110/19.html#multi_nat_access

So all traffic going to the internet will be NATed while the VPN traffic will be passed without NATing. This is called split tunneling.

Hope that helps!
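
The approach described in the reply, written out as a PIX 6.x configuration. This is an added example, not part of the original post or of the linked Cisco documents. Assumed here: /24 masks on both networks, the ACL, transform-set and crypto map names, the 3DES/SHA/group 2 proposal, and the `PEER_IP` and `PRESHARED_KEY` placeholders.

```cisco
! Constructed example for PIX 6.x.
! Assumptions: /24 masks, all ACL/map/transform-set names,
! PEER_IP and PRESHARED_KEY are placeholders to be replaced.

! Traffic to encrypt: inside LAN to remote LAN
access-list vpn_traffic permit ip 2.2.2.0 255.255.255.0 3.3.3.0 255.255.255.0

! Same match in a separate ACL, used to exempt tunnel traffic from NAT
access-list nonat permit ip 2.2.2.0 255.255.255.0 3.3.3.0 255.255.255.0
nat (inside) 0 access-list nonat

! All other inside traffic is PATed to the outside interface address (1.1.1.1)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

! Allow decrypted IPsec traffic in without a matching outside ACL entry
sysopt connection permit-ipsec

! Phase 2: bind the crypto ACL to the peer and apply it on the outside interface
crypto ipsec transform-set vpn_set esp-3des esp-sha-hmac
crypto map vpn_map 10 ipsec-isakmp
crypto map vpn_map 10 match address vpn_traffic
crypto map vpn_map 10 set peer PEER_IP
crypto map vpn_map 10 set transform-set vpn_set
crypto map vpn_map interface outside

! Phase 1: pre-shared key with the remote peer
isakmp enable outside
isakmp key PRESHARED_KEY address PEER_IP netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

With `nat 0`, hosts on 3.3.3.0 see the real 2.2.2.0 source addresses, and the remote peer needs the mirror-image ACL (3.3.3.0 to 2.2.2.0). `show xlate` and `show crypto ipsec sa` show whether a given flow was translated or sent through the tunnel.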
