Cisco Support Community
nat web traffic from vpn tunnel

Hi,

I have 2 routers, a 2821 and a 2811.

They are connected via GRE over IPsec, and all of the traffic from the 2821 is being routed to the 2811 with a default route to its tunnel interface.

The 2821 needs to access the internet through the 2811's valid IP address. My question is: how should I NAT the traffic on the 2811 so that the 2821 can access the internet?

1 REPLY


It is very similar to policy NAT.

Below is an example:

interface FastEthernet0/0
 description Your outside interface on public-address connected ISP.
 ip address xxx.xxx.xxx.xxx 255.255.255.224
 ip nat outside
!
interface FastEthernet0/1
 description Your inside interface connected to inside-switch for local network segment.
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
!
ip nat inside source list PAT_ACL interface FastEthernet0/0 overload
!
ip access-list extended PAT_ACL
 ! As you deny this traffic from being PAT-overloaded, it will go over the crypto engine instead.
 deny   ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
 ! However, this traffic will be PAT-overloaded for accessing the internet.
 permit ip 192.168.0.0 0.0.0.255 any

Assume 192.168.0.0/24 is the remote segment on router 2821 that wants to access the internet via 2811.

I hope it makes sense to you.

Thanks

Rizwan Rafeek
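
Added example, not part of the reply above: one way the 2811 side could look for the GRE-over-IPsec case in the question, where the traffic to be translated arrives on the tunnel interface rather than on a LAN port. The interface names (Tunnel0, FastEthernet0/0) and the 192.168.0.0/24 remote segment are assumptions carried over from the reply's example.

```cisco
! --- 2811 (router holding the public address); constructed example ---
! Assumption: FastEthernet0/0 faces the ISP.
interface FastEthernet0/0
 description Outside interface to ISP
 ip nat outside
!
! Assumption: Tunnel0 is the GRE tunnel to the 2821.
! Packets from the 2821 are decapsulated here, so this is the
! NAT "inside" interface for that traffic.
interface Tunnel0
 description GRE over IPsec tunnel to 2821
 ip nat inside
!
! Translate only the remote LAN behind the 2821. Keeping the source
! match narrow avoids translating (and forwarding to the internet)
! any other source that might show up on the tunnel.
ip access-list extended PAT_ACL
 remark Remote LAN behind 2821 going to the internet
 permit ip 192.168.0.0 0.0.0.255 any
!
ip nat inside source list PAT_ACL interface FastEthernet0/0 overload
!
! Return path: after the reply is un-translated, the 2811 needs a
! route back to the remote LAN over the tunnel (static shown here;
! a routing protocol over the tunnel works as well).
ip route 192.168.0.0 255.255.255.0 Tunnel0
!
! If the 2811's own LAN (10.0.0.0/24 in the reply) also needs internet
! access, mark its interface "ip nat inside" and add to PAT_ACL, in
! this order:
!   deny   ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
!   permit ip 10.0.0.0 0.0.0.255 any
!
! Verification from exec mode:
!   show ip nat translations
!   show ip nat statistics
```

With traffic flowing from a host behind the 2821, `show ip nat translations` on the 2811 should list inside local addresses from 192.168.0.0/24 mapped to the FastEthernet0/0 address.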
