Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiuser IPSec pass-through

I have a requirement to have an 1841 router with a DSL conneciton at a partner site. This router has 2 FastEthernet interfaces.

The first FastEthernet is for the partner access LAN and this is a GRE IPSec tunnel into the corporate network and I'm fine with this configuration.

However, the customer wants to have some corporate Sales people (max 5) visit this partner site and connect to the other FastEthernet LAN and use their VPN clients to access the corporate network.

I'm thinking I can configure a private address space/DHCP pool on this FastEthernet interface and PAT the VPN client addresses going out - but will the router support this for Multiuser VPN clients going out this interface.?

Does anyone know if this is possible - maybe using IPSec pass-through or other methods.?



Re: Multiuser IPSec pass-through

I think this scenario should work without problems. I use same with success..You dont need to configure nothing special - if you open ESP protocol 50, UDP ports 500 a 4500 for VPN clients users

New Member

Re: Multiuser IPSec pass-through

Thanks for the reply..

Do you use NAT for the vpn clients or do you PAT them to one outside address.?

This is ideally what I would like to do if possible.

Could you possibly post your relevant config bits here.?

Much appreciated.

Many thanks...


Re: Multiuser IPSec pass-through

PAT overload on outside interface

I dont know you current config, but

let we say FastEthernet0/0 is outside interface and FastEthernet0/1 is VPN client interface

ip nat inside source list 1 interface FastEthernet0/0 overload

interface FastEthernet0/0

ip nat outside

interface FastEthernet0/1

ip nat inside

access-list 1 (there specify inside IPs of VPN client users) let we say it will be hosts

access-list 1 permit

access-list 1 permit

access-list 1 permit

access-list 1 permit


hope that helps rate if it does

New Member

Re: Multiuser IPSec pass-through

Many thanks for your help. I'll give this a go.

All the best.

CreatePlease to create content