Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

nat web traffic from vpn tunnel


i have 2 routers, 2821 and 2811.

they are connected via GRE over IPsec, and all of the traffic from 2821 is being routed to 2811 with a default route to its tunnel interface.

2821 needs to access internet through 2811 valid ip address, my question is that how should i nat the traffic on 2811 so that 2821 can access the internet?

  • VPN
Everyone's tags (4)

nat web traffic from vpn tunnel

It is very much similar to Policy nat.

below is an example:

interface FastEthernet0/0

description Your outside interface on public-address connected ISP.

ip address

ip nat outside

interface FastEthernet0/1

description: Your inside interface connected to inside-switch for local network segment.

ip address

ip nat inside

ip nat inside source list PAT_ACL interface FastEthernet0/0 overload

ip access-list extended PAT_ACL

deny   ip <- as you deny this traffic to be Pat-over load, they will go over crypto engine instead.

permit ip any <- however this traffic will be pat-over load for accessing internet.

Assume the remote segment on router 2821 wanted access internet via 2811.

I hope it make sense to you.


Rizwan Rafeek