Cisco Support Community

NAT and ezVPN on the same IP/Interface

I'm trying to configure a Cisco 857 ADSL router to do both NAT for internal clients and serve as a VPN concentrator for clients on the public internet.

I can get it to do either but not both.

I have tried to exclude UDP connections to port 500 from the NAT rules but it seems I don't have sufficient knowledge of Cisco to achieve this.

I have a dialer1 interface which shows OUTSIDE_IP2 as its assigned IP address when issuing a show interface dialer1.

I then have the following NAT rules:

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static INSIDE_IP1 OUTSIDE_IP1
ip nat inside source static INSIDE_IP2 OUTSIDE_IP2
ip nat inside source static INSIDE_IP3 OUTSIDE_IP3
ip nat inside source static INSIDE_IP4 OUTSIDE_IP4

SDM_RMAP_1 is defined as:

route-map SDM_RMAP_1 permit 1
 match ip address 100

while access-list 100 is:

access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any VPN_IP_BASE
access-list 100 permit ip any any

Any help on how to rewrite these NAT rules so they do exactly what they do now but allow a VPN to either OUTSIDE_IPx address (I think I can only use the one assigned to dialer1?) would be greatly appreciated.

Thanks a lot.

