04-02-2009 09:44 AM
Hi all, here is the issue, and I can't find the solution.
Well, I have the typical scenario of a VPN. First, we're trying to make a VPN tunnel from a central site to another point in Colombia. We are using a Cisco 1801 (MPC8500) processor (revision 0x400) with 236544K/25600K bytes of memory & Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(15)T7.
On the other side of the VPN tunnel is a Checkpoint; I don't know other details about that equipment. They asked us to send our traffic with an IP source of our public IP, so, no problem: in our ACL we encrypt traffic with our public IP address going to the private addressing, and we send it in the IPsec tunnel, so no big deal. We are using PAT, with a Fa0 (inside 10.200.150.0/24) to a Di1 (ADSL, outside static address), so no problem here. But then they asked us to configure a VPN client for Cisco, so we did the dynamic map and so on, and it works. Clients want to access the site LAN (VPN IP pool is 10.200.151.1 - 25) and it works too. But then they want to get the traffic going from a VPN client to another point in the L2L tunnel, to Colombia, but we must NAT that traffic in order to reach the other point. But if the traffic is entering the router on an outside interface, how can we NAT that traffic to go out the tunnel to Colombia? I've been reading for like 2 weeks on Cisco sites, forums, Experts Exchange and so on, and I haven't found an answer yet. I've found DMVPN, and our case is like a hub environment, but all the examples are using private addressing, and none NATs on a VPN tunnel, and I can't find a solution. Any help will be appreciated.
04-15-2009 12:56 AM
Check this out, might be of some assistance to your config
04-15-2009 07:27 AM
Thx for the reply, but I wasn't clear enough. My problem is that I want to NAT on the L2L tunnel and have a remote access VPN communicate with the L2L tunnel, but the problem is that it's useless to do 'ip nat inside..' since traffic comes from the outside interface and goes out the same interface. Can a Cisco router do that? The router is like a hub in DMVPN, but the problem is that the other L2L point is a Checkpoint device which I can't touch, so I must do everything in the router, and idk if this is possible. My case looks similar to this: http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Security&topicID=.ee6b2b8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd26dad
Ty in advance
02-08-2010 03:38 PM
Sorry to bother you, but I'm finding a similar problem (I've just posted another question).
Did you manage to resolve this? Thanks.
02-08-2010 04:39 PM
No, sry, I couldn't solve it; seems like routers can do that, but firewalls can.
If u got this, can u let me know?
Ty in advance.