Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

External Access to a Single Server Via VPN

Hi,

I have clients connectiong to a Router (878)using the VPN Client, they can access what they need internally.

A new requirment has come up, there is an externally hosted server that has IP restrictions so that only a range of internal addresses can access it.

The question is when the VPN client is connected and it picks up an internal address how can I allow access from inside out to this one host. I had thought of  split tunneling but the connection needs to come from the Internal lan and in this case that does not seem like it will work. There is only one Internet connection, there are no proxies internally I could use.

Will this work? if so what is the best way of accomplishing this.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: External Access to a Single Server Via VPN

i will need to search my docs but i am pretty sure i have a example... in any case here is some more info

do split tunneling and include this traffic from pool to server in that

next on your outside i will do source based routing directing all traffic from pool ip to the public server ip to loopback using the set interface command

and then classify this loopback as internal by making ip nat inside so that anything going out from this interface will be natted/patted to your interface ip and now your server will recognise it

hope this helps

ip access-list extended split

  permit

  permit

-------

for route-map

ip access-list extended vpn

  permit ip

  permit ip

route-map vpn

match acl vpn

set interface loopback0

int loopback0

ip address

ip nat inside

include the traffic from pool ip to server in the nat acl's

-------------------

if this is difficult please paste your config i will try to put it accordingly

3 REPLIES
Cisco Employee

Re: External Access to a Single Server Via VPN

send all vpn the traffic to loopback ip using route map

make loopback ip as ip nat inside

and include the traffic from pool to that public ip as part of nat traffic

Community Member

Re: External Access to a Single Server Via VPN

Hi Jathaval,

Thanks for responding, can you point me at any more detailed info as I havent heard of this before?

Thanks Mike

Cisco Employee

Re: External Access to a Single Server Via VPN

i will need to search my docs but i am pretty sure i have a example... in any case here is some more info

do split tunneling and include this traffic from pool to server in that

next on your outside i will do source based routing directing all traffic from pool ip to the public server ip to loopback using the set interface command

and then classify this loopback as internal by making ip nat inside so that anything going out from this interface will be natted/patted to your interface ip and now your server will recognise it

hope this helps

ip access-list extended split

  permit

  permit

-------

for route-map

ip access-list extended vpn

  permit ip

  permit ip

route-map vpn

match acl vpn

set interface loopback0

int loopback0

ip address

ip nat inside

include the traffic from pool ip to server in the nat acl's

-------------------

if this is difficult please paste your config i will try to put it accordingly

205
Views
0
Helpful
3
Replies
CreatePlease to create content