Vpn help with presenting public ip to client

Currently we have set up our VPNs so they can talk LAN side to LAN side.

Att: contains relevant parts of the VPN structure which work between the offices.

We now have a client we need to set up a tunnel to that will not allow private IPs. They want a tunnel set up so that our public IP is what comes into their network. Any ideas on how this can be accomplished with our current VPN structure? They have given me their VPN gateway and the pre-share, but how can I present it so anything going to them only shows our public and not the inside server IP that is sending to them? Seems like everything I try gets denied on their side.

5 REPLIES

Re: Vpn help with presenting public ip to client

In a hide NAT scenario, you will want to ensure that the interesting traffic ACL for the tunnel includes the post-NAT address as the source. IPSec and ISAKMP debugs would be helpful to see where exactly the connection is failing.

New Member

Re: Vpn help with presenting public ip to client

In there lies the problem. I've only dealt with private IP to private IP VPNs. This is new to me and I don't even know where to start. Do I need a different kind of ACL to allow his public address to be hosted by my private, or does the ACL say something like my public address host his public address, then do something different in my NAT statements? Basically we have one server behind the router, let's say 192.168.7.45 just for an example. The client does not want the tunnel to show my private 7.45 server; he will only accept my public IP, which sits on the serial interface, to come across the tunnel and attach to his public IP address, which is attached to a server he has on the inside, without either site ever seeing the private addresses. Anybody have any configs that have this type of configuration or close to it?

Re: Vpn help with presenting public ip to client

Please take a look at the attached config from my lab and let me know if you have any further questions. You are close in your configuration. You will be relying on the egress NAT configuration to overload to your outside interface IP. When configuring the crypto map, you will want to make sure that the interesting traffic ACL includes the outside interface IP as the source.
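
An IOS sketch of the approach described in the replies above, added here as an illustration; it is not the lab config attached to the reply. Apart from the example server 192.168.7.45, every address, interface name, ACL and map name, crypto parameter and the key is an assumed placeholder, and the ISAKMP and IPsec settings must match whatever the client's gateway uses.

```cisco
! Added example. Placeholders (assumed, not from the thread's attachment):
!   203.0.113.10  = our public IP on Serial0/0
!   192.0.2.1     = client's VPN gateway
!   198.51.100.20 = client's public host
!   192.168.8.0/24 = an existing remote office reached over a LAN-to-LAN tunnel
!
! NAT: keep the existing office-to-office exemption, overload everything else
! (including traffic to the client) to the outside interface address.
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 any
ip nat inside source list NAT-OVERLOAD interface Serial0/0 overload
!
! Interesting traffic for the client tunnel. The source is the post-NAT
! address: inside-to-outside translation happens before the crypto map
! check, so an ACL written with 192.168.7.45 as source would never match.
ip access-list extended CLIENT-VPN
 permit ip host 203.0.113.10 host 198.51.100.20
!
! Phase 1 and phase 2 parameters are assumptions; agree them with the client.
crypto isakmp policy 20
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PSK-REPLACE-ME address 192.0.2.1
crypto ipsec transform-set CLIENT-TS esp-aes 256 esp-sha-hmac
!
! New sequence number on the crypto map already applied to the interface,
! so the existing office tunnels (other sequence numbers) are untouched.
crypto map OFFICE-MAP 20 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set CLIENT-TS
 match address CLIENT-VPN
!
interface FastEthernet0/0
 ip nat inside
interface Serial0/0
 ip nat outside
 crypto map OFFICE-MAP
```

After sending traffic from the server, `show ip nat translations` should list 192.168.7.45 translated to the outside address, and `show crypto ipsec sa` should show the encaps counter rising for the 203.0.113.10 to 198.51.100.20 proxy identities.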

New Member

Re: Vpn help with presenting public ip to client

Thank you, I took your example and applied your advice to my setup, and without disturbing the other VPNs I was able to make a connection to that remote client on a public to public connection. Your help was much appreciated.

Re: Vpn help with presenting public ip to client

Glad I could help. Please rate this post so that others can use the content to solve similar issues.
