Cisco Support Community
Community Member

VPN NAT within IPSec Tunnel

Is it OK to place a 3825 head-end VPN router in a DMZ, use a private address for the external interface, and perform a NAT to a single public address?

All users connecting to the IPSec site-to-site VPN will use the public address, and the firewall will perform the translation. The IPSec tunnel will be established on the 3825 router with the private address.

Is there a potential for any problems with this configuration?

1 REPLY
Community Member

Re: VPN NAT within IPSec Tunnel

I have a similar scenario with a PIX and 3030. The firewall rules look like:

access-list outside_acl permit icmp any host 1.1.1.1

access-list outside_acl permit esp any host 1.1.1.1

access-list outside_acl permit udp any host 1.1.1.1 eq isakmp

access-list outside_acl permit udp any host 1.1.1.1 eq 4500

access-list outside_acl permit tcp any host 1.1.1.1 eq 10000

static (dmz,outside) 1.1.1.1 192.168.199.3 netmask 255.255.255.255 0 0

Rick
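
Added example (not part of the original posts and not Cisco tooling): a small Python audit of the rules posted in the reply above. It checks that the NATed public address admits ESP, IKE (UDP 500) and NAT-T (UDP 4500), and reports what else is exposed and which DMZ host the static translation maps to. The required-service set and all function names are assumptions of this example.

```python
import re

# Rules as posted in the reply; 1.1.1.1 is the poster's stand-in public address.
CONFIG = """\
access-list outside_acl permit icmp any host 1.1.1.1
access-list outside_acl permit esp any host 1.1.1.1
access-list outside_acl permit udp any host 1.1.1.1 eq isakmp
access-list outside_acl permit udp any host 1.1.1.1 eq 4500
access-list outside_acl permit tcp any host 1.1.1.1 eq 10000
static (dmz,outside) 1.1.1.1 192.168.199.3 netmask 255.255.255.255 0 0
"""

# Assumption of this example: what an IPsec peer behind one-to-one NAT
# normally needs (well-known protocol/port values, not taken from the page).
REQUIRED = {
    ("esp", None): "IPsec ESP (IP protocol 50)",
    ("udp", 500): "IKE / ISAKMP",
    ("udp", 4500): "IPsec NAT traversal (NAT-T)",
}
PORT_NAMES = {"isakmp": 500}  # PIX keyword -> port number
ACL_RE = re.compile(r"^access-list \S+ permit (\S+) any host (\S+)(?: eq (\S+))?$")
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask 255\.255\.255\.255")

def parse(config):
    """Return ([(proto, port, dst)], {public_ip: private_ip}) from PIX-style lines."""
    permits, statics = [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            proto, dst, port = m.groups()
            if port is not None:
                port = PORT_NAMES.get(port) or int(port)
            permits.append((proto, port, dst))
        elif m := STATIC_RE.match(line):
            public, private = m.groups()
            statics[public] = private
    return permits, statics

def audit(config, public_ip):
    """Compare what is permitted to public_ip against the REQUIRED set."""
    permits, statics = parse(config)
    exposed = {(proto, port) for proto, port, dst in permits if dst == public_ip}
    return {
        "private_host": statics.get(public_ip),  # host that receives the traffic
        "missing": sorted(d for k, d in REQUIRED.items() if k not in exposed),
        # Permitted but outside REQUIRED: review whether each is still needed.
        "extra": sorted(exposed - set(REQUIRED), key=str),
    }
```

Running `audit(CONFIG, "1.1.1.1")` on the posted rules reports nothing missing, with ICMP and TCP 10000 listed as exposures beyond the required set.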
