Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client access to Router with Internet via this same router! How?

Hello everyone,

I have already setup VPN Connection of users to our 1841 router and corporate network. Users use Cisco VPN Client, and connection terminates on 1841's Dialer1 interface. This interface is also our ADSL connection to Internet.

I need that VPN users go out to Internet via this VPN Connection (that is via this Dialer1), instead of using split tunneling and browsing Internet from their Local ISPs.

Of course this Dialer1 is also "nat outside" and one of FastEthernet is LAN and "nat inside".

So I'd need to NAT those VPN-pool addresses to Dialer1 IP address. But what would be "nat inside" in this case...

Anyone can help?

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: VPN Client access to Router with Internet via this same rout

a loopback interface needs to be configured for the "nat inside".

e.g.

int loopback 1

ip address 1.1.1.1 255.255.255.0

no shut

ip nat inside

access-list 199 deny ip <1841 private net> <1841 private net mask>

access-list 199 permit ip any

route-map policy-route permit 10

match ip address 199

set ip next-hop 1.1.1.2

interface Dialer0

ip policy route-map policy-route

2 REPLIES
Gold

Re: VPN Client access to Router with Internet via this same rout

a loopback interface needs to be configured for the "nat inside".

e.g.

int loopback 1

ip address 1.1.1.1 255.255.255.0

no shut

ip nat inside

access-list 199 deny ip <1841 private net> <1841 private net mask>

access-list 199 permit ip any

route-map policy-route permit 10

match ip address 199

set ip next-hop 1.1.1.2

interface Dialer0

ip policy route-map policy-route

New Member

Re: VPN Client access to Router with Internet via this same rout

Thanks for help!

I had to further expand this configuration by adding a route-map to Loopback1 interface, since Dialer1 is not our default route to the Internet - default route is via other interface - Serial0/0/0.

182
Views
5
Helpful
2
Replies
CreatePlease login to create content