Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN from client to 3000 through NAT

For cost reasons, we desire to have individual VPN clients on a remote office LAN for connecting to corporate network. For example, if the office has a DSL connection to the Internet, where the (cheap) DSL router is running NAT, only one client can get through the VPN (whoever was last to establish the tunnel). What options, costly or otherwise, do I have?

5 REPLIES
New Member

Re: VPN from client to 3000 through NAT

Hmm. I might be able to help you out if I had info on the NAT device you are using. Some basic issues you must deal with are whether the device is running NAT or NAT overload (PAT). For PAT to work correctly you must use the NAT transparency setting in the VPN 3000 client/concentrator. If you like, you may e-mail me directly at jmccloud@cisco.com to provide further info.

New Member

Re: VPN from client to 3000 through NAT

With regards to the "NAT transparency setting", is this something that will allow a VPN client behind a generic firewall running PAT to establish an IPSec tunnel with a PIX box?

New Member

Re: VPN from client to 3000 through NAT

No. Though the PIX supports tunnel termination for the VPN 3000 client (as of PIX OS 5.2[1]), it does not support NAT transparency (PAT, in reality). Only the VPN 3000/5000 series offer this capability today. It is on the roadmap for future PIX release (post 6.0).

New Member

Re: VPN from client to 3000 through NAT

Hi.

Alot of my users are using NAT translator at home and they are having problem seeing our network using the personal router configuring DHCP. I turn on the IPSEC through NAT in the Cicso VPN 3015 already and enable the NAT in the traffic management and also the rules for TCP/UDP. But I am unable to see our network through the NAT translator router.

New Member

Re: VPN from client to 3000 through NAT

Are you using IPSec? You could check the "Allow IPSec through NAT" in Configuration>User Management>Groups>Modify>IPSec tab....look near the bottom of the page.

148
Views
0
Helpful
5
Replies
CreatePlease login to create content