Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT and VPN

My web server is remotely located. I can only access it via the internet. For the secured access, I'll need the VPN.

Now from my office, I want to setup the client side of the VPN on my PC. But there are two possibilities:

1)I access the internet via an ADSL which dynamically set the IP address for my PC (via DHCP) and serveral other PC's in the LAN, but I only want my PC setup for the VPN, none of the others. In this case, can I still setup my PC for the VPN? If so, how? (Because my office router 877 uses the DHCP to assign an IP address for my PC and others, the IP of my PC is not static, it could change from each refreshing).

2)If the first choice is infeasible, can I use the Cisco 877 to do the NAT, i.e., internally I'll setup the private IP for each of the PC in the LAN, while the 877 router does some translation. Can I use this method to set up my PC to access the VPN ?(my pc only, none of other pc's in the LAN). If so, how?

Many thanks.

Scott

4 REPLIES
Gold

Re: NAT and VPN

it would be less complicated if you can setup a static ip on your pc.

alternatively, consider remote vpn access by using cisco vpn client. with this, you will need to re-configure the remote vpn device.

New Member

Re: NAT and VPN

Thanks for the response. I have some further questions:

1) Where can I get/download the Cisco Client VPN software?

2) When you said: " re-configure the remote vpn device ", is there some guide to show how to configure the (Cisco) router to work with the Cisoco VPN client? If so, where can I get/download it?

Mnay thanks.

Scott

Gold

Re: NAT and VPN

below is a cut-down config sample:

username cisco password xxxxxx

aaa new-model

aaa authentication login vpnauthen local

aaa authorization network vpnauthor local

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group vpngroup

key xxxxxx

pool vpnpool

acl 130

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

interface Ethernet0

ip address

ip nat inside

interface Dialer0

ip address

ip nat outside

crypto map vpnmap

ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

route-map nonat permit 10

match ip address 101

to download vpn client software,

http://www.cisco.com/kobayashi/sw-center/vpn/client/

Gold

Re: NAT and VPN

just wondering how you go.

179
Views
0
Helpful
4
Replies