Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
750
Views
0
Helpful
4
Replies

Multiuser IPSec pass-through

john.pepper
Level 1
Level 1

‎05-20-2006 04:00 PM - edited ‎02-21-2020 02:25 PM

I have a requirement to have an 1841 router with a DSL conneciton at a partner site. This router has 2 FastEthernet interfaces.

The first FastEthernet is for the partner access LAN and this is a GRE IPSec tunnel into the corporate network and I'm fine with this configuration.

However, the customer wants to have some corporate Sales people (max 5) visit this partner site and connect to the other FastEthernet LAN and use their VPN clients to access the corporate network.

I'm thinking I can configure a private address space/DHCP pool on this FastEthernet interface and PAT the VPN client addresses going out - but will the router support this for Multiuser VPN clients going out this interface.?

Does anyone know if this is possible - maybe using IPSec pass-through or other methods.?

Thanks

Labels:
0 Helpful
4 Replies 4

m.sir
Level 7
Level 7

‎05-21-2006 01:31 AM

I think this scenario should work without problems. I use same with success..You dont need to configure nothing special - if you open ESP protocol 50, UDP ports 500 a 4500 for VPN clients users

0 Helpful

john.pepper
Level 1
Level 1
In response to m.sir

‎05-21-2006 03:12 AM

Thanks for the reply..

Do you use NAT for the vpn clients or do you PAT them to one outside address.?

This is ideally what I would like to do if possible.

Could you possibly post your relevant config bits here.?

Much appreciated.

Many thanks...

0 Helpful

m.sir
Level 7
Level 7
In response to john.pepper

‎05-21-2006 04:56 AM

PAT overload on outside interface

I dont know you current config, but

let we say FastEthernet0/0 is outside interface and FastEthernet0/1 is VPN client interface

ip nat inside source list 1 interface FastEthernet0/0 overload

interface FastEthernet0/0

ip nat outside

interface FastEthernet0/1

ip nat inside

access-list 1 (there specify inside IPs of VPN client users) let we say it will be hosts 192.168.10.2-5

access-list 1 permit 192.168.10.2

access-list 1 permit 192.168.10.3

access-list 1 permit 192.168.10.4

access-list 1 permit 192.168.10.5

M.

hope that helps rate if it does

0 Helpful

john.pepper
Level 1
Level 1
In response to m.sir

‎05-21-2006 08:16 AM

Many thanks for your help. I'll give this a go.

All the best.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents