Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site VPN using VPN NAT

Hello all,

I'm trying to create a VPN Tunnel between our company and one of our clients. The topology in our site is very basic. We have a cisco 2821 Router/Firewall with only 2 interfaces. One interface connects to the internet and the other connects to our LAN. We have six web servers running Microsoft NLB and need to give our client access to those machines without revealing the private IP's of the machines.

The first issue that I'm having is that when I try to do a trace route from any of the web servers running NLB to the Peer at the client site, the originating IP that shows up in debug mode is that of the actual host (Not the virtual IP used by NLB).

The second issue is that I need to somehow set up VPN NAT, (or some type of translation), which will help hide the internal subnet. As I mentioned earlier, we only have two interfaces on the router. Can someone please help by letting me know how this can be done? I'm not sure as to how to proceed... I think I may need to create a VLAN to achieve this, but any ideas or suggestions would be extremely helpful.

One more thing to add is that we have multiple clients on the six clustered web servers. This is the first client that would like a tunnel between our site and theirs.