VPN and NAT

durhamcs
Level 1

I have the following network

Outside IP Address 1.1.1.1

Inside IP Address 2.2.2.2

Now I am using PAT for internet usage. I plan on doing a site-to-site IPsec VPN tunnel. I want to hide the inside network 2.2.2.0 from the remote network 3.3.3.0, but allow traffic between the 2 sites and not interfere with the internet traffic.

How do I set up NAT to support the internet traffic and a site-to-site VPN tunnel?

1 Reply

thisisshanky
Level 11

You can refer to the following link for configuring S-S VPN.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/sit2site.htm

When you configure S-S VPN, you will be configuring an access-list which specifies the traffic to be encrypted. This would be the traffic with source IP addresses from the 2.2.2.0 network and destination addresses from the 3.3.3.0 network.

Now the same traffic should not be NATed. This can be achieved using a NAT 0 access-list.

Check this link for configuring NAT 0 access-list.

http://www.cisco.com/warp/public/110/19.html#multi_nat_access

So all traffic going to the internet will be NATed, while the VPN traffic will be passed without NATing. This is called split tunneling.

Hope that helps!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
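
The approach described in the reply above, as a PIX 6.x configuration sketch; this is an added example, not part of the original thread or the linked Cisco documents. The /24 masks, the names `nonat`, `vpn-traffic`, `s2s-set` and `s2s-map`, the IKE/IPsec parameter choices, and the placeholders `<REMOTE_PEER_IP>` and `<PRESHARED_KEY>` are assumptions; the remote firewall needs the mirror-image configuration.

```cisco
: Added example. Assumed: /24 masks, the ACL/map names, IKE/IPsec parameters,
: and the placeholders <REMOTE_PEER_IP> and <PRESHARED_KEY>.

: Traffic to encrypt: inside 2.2.2.0 -> remote 3.3.3.0
access-list vpn-traffic permit ip 2.2.2.0 255.255.255.0 3.3.3.0 255.255.255.0

: The same flow, exempted from NAT (kept as a separate ACL from the crypto ACL)
access-list nonat permit ip 2.2.2.0 255.255.255.0 3.3.3.0 255.255.255.0
nat (inside) 0 access-list nonat

: Everything else from inside is PATed to the outside interface address (1.1.1.1)
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

: Let decrypted IPsec traffic bypass the interface access-lists
sysopt connection permit-ipsec

: IKE phase 1
isakmp enable outside
isakmp key <PRESHARED_KEY> address <REMOTE_PEER_IP> netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: IPsec phase 2, bound to the outside interface
crypto ipsec transform-set s2s-set esp-3des esp-sha-hmac
crypto map s2s-map 10 ipsec-isakmp
crypto map s2s-map 10 match address vpn-traffic
crypto map s2s-map 10 set peer <REMOTE_PEER_IP>
crypto map s2s-map 10 set transform-set s2s-set
crypto map s2s-map interface outside
```

To check the result, `show xlate` should list PAT translations only for Internet-bound flows, and `show crypto ipsec sa` should show packet counters rising for 2.2.2.0 to 3.3.3.0 traffic. Because that flow is exempt from NAT, the remote site sees the real 2.2.2.x source addresses.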