
Vpn help with presenting public ip to client

william.riley
Level 1

Currently we have set up our VPNs so they can talk LAN side to LAN side.

Att: contains relevant parts of the VPN structure which work between the offices.

We now have a client we need to set up a tunnel to that will not allow private IPs. They want a tunnel set up so that our public IP is what comes into their network. Any ideas on how this can be accomplished with our current VPN structure? They have given me their VPN gateway and the pre-share, but how can I present so anything going to them only shows our public and not the inside server IP that is sending to them? Seems like everything I try gets denied on their side.


Todd Pula
Level 7

In a hide NAT scenario, you will want to ensure that the interesting traffic ACL for the tunnel includes the post-NAT address as the source. IPSec and ISAKMP debugs would be helpful to see where exactly the connection is failing.

Therein lies the problem. I've only dealt with private IP to private IP VPNs. This is new to me and I don't even know where to start. Do I need a different kind of ACL to allow his public address to be hosted by my private, or does the ACL say something like my public address host his public address, then do something different in my NAT statements? Basically we have one server behind the router, let's say 192.168.7.45 just for an example. The client does not want the tunnel to show my private 7.45 server; he only will accept my public IP, which sits on the serial interface, to come across the tunnel and attach to his public IP address, which is attached to a server he has on the inside, without either site ever seeing the private addresses. Anybody have any configs that have this type of configuration or close to it?

Please take a look at the attached config from my lab and let me know if you have any further questions. You are close in your configuration. You will be relying on the egress NAT configuration to overload to your outside interface IP. When configuring the crypto map, you will want to make sure that the interesting traffic ACL includes the outside interface IP as the source.

Thank you, I took your example and applied your advice to my setup, and without disturbing the other VPNs I was able to make a connection to that remote client on a public-to-public connection. Your help was much appreciated.

Glad I could help. Please rate this post so that others can use the content to solve similar issues.
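A sketch of the arrangement described in the accepted answer, added here as an example; it is not the lab config attached to the original post. All public addresses, the remote office subnet, and the ACL, transform-set and crypto map names are constructed, and an ISAKMP policy matching the client's requirements is assumed to exist already.

```cisco
! Constructed values (documentation address ranges), not from the thread:
!   our outside IP on Serial0/0 : 203.0.113.10
!   client VPN gateway          : 198.51.100.1
!   client server, public IP    : 198.51.100.45
!   existing office peer / LAN  : 192.0.2.1 / 192.168.20.0/24
!   our inside LAN              : 192.168.7.0/24 (holds the poster's 192.168.7.45)
!
interface FastEthernet0/0
 ip nat inside
!
interface Serial0/0
 ip address 203.0.113.10 255.255.255.252
 ip nat outside
 crypto map VPNMAP
!
! NAT ACL: office-to-office traffic stays exempt from NAT (deny).
! Traffic to the client is NOT exempt, so it is overloaded to the
! Serial0/0 address before the crypto map is evaluated.
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.7.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 any
!
ip nat inside source list NAT-OVERLOAD interface Serial0/0 overload
!
! Existing tunnel: interesting traffic is private to private.
ip access-list extended OFFICE-VPN
 permit ip 192.168.7.0 0.0.0.255 192.168.20.0 0.0.0.255
!
! Client tunnel: the source is the post-NAT (outside interface) address.
ip access-list extended CLIENT-VPN
 permit ip host 203.0.113.10 host 198.51.100.45
!
crypto isakmp key <pre-shared-key> address 198.51.100.1
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TSET
 match address OFFICE-VPN
crypto map VPNMAP 20 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TSET
 match address CLIENT-VPN
```

To confirm the behaviour, `show ip nat translations` should list the inside server translated to the outside address for client-bound flows, and `show crypto ipsec sa` should show the outside address, not 192.168.7.x, as the local identity for the client peer.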
