
NAT web traffic from VPN tunnel

ataranjisama
Level 1

Hi,

I have 2 routers, a 2821 and a 2811.

They are connected via GRE over IPsec, and all of the traffic from the 2821 is being routed to the 2811 with a default route to its tunnel interface.

The 2821 needs to access the internet through the 2811's valid IP address. My question is: how should I NAT the traffic on the 2811 so that the 2821 can access the internet?

1 Reply

rizwanr74
Level 7

It is very similar to policy NAT.

Below is an example:

interface FastEthernet0/0
 description Your outside interface on public-address connected ISP.
 ip address xxx.xxx.xxx.xxx 255.255.255.224
 ip nat outside
!
interface FastEthernet0/1
 description Your inside interface connected to inside-switch for local network segment.
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
!
ip nat inside source list PAT_ACL interface FastEthernet0/0 overload
!
ip access-list extended PAT_ACL
 ! As you deny this traffic from being PAT-overloaded, it will go over the crypto engine instead.
 deny   ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
 ! However, this traffic will be PAT-overloaded for accessing the internet.
 permit ip 192.168.0.0 0.0.0.255 any

Assume 192.168.0.0/24 is the remote segment on router 2821 that wants to access the internet via 2811.

I hope it makes sense to you.

Thanks

Rizwan Rafeek
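
The following is an added example, not part of the reply above: a small Python model of how PAT_ACL selects flows for overload on the 2811, using IOS wildcard-mask and first-match semantics. It assumes legacy inside/outside NAT, where a packet is only translated if it enters on an `ip nat inside` interface and leaves on an `ip nat outside` one; `Tunnel0` is a hypothetical name for the GRE tunnel interface, and the sample addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 1-bits are 'don't care', 0-bits must match."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# PAT_ACL from the reply: (action, src, src wildcard, dst, dst wildcard)
PAT_ACL = [
    ("deny",   "10.0.0.0",    "0.255.255.255", "192.168.0.0", "0.0.0.255"),
    ("permit", "192.168.0.0", "0.0.0.255",     "0.0.0.0",     "255.255.255.255"),  # any
]

# NAT roles on the 2811. Tunnel0 is an assumed name; the reply shows no tunnel config.
NAT_ROLE = {"FastEthernet0/0": "outside",
            "FastEthernet0/1": "inside",
            "Tunnel0": "inside"}

def acl_action(src, dst, acl=PAT_ACL):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def is_patted(src, dst, ingress, egress, roles=NAT_ROLE):
    """True if the flow is overloaded onto the outside interface address."""
    if roles.get(ingress) != "inside" or roles.get(egress) != "outside":
        return False
    return acl_action(src, dst) == "permit"

# Constructed sample flows: (src, dst, ingress, egress)
SAMPLE_FLOWS = [
    ("192.168.0.10", "203.0.113.5",  "Tunnel0",         "FastEthernet0/0"),
    ("10.0.0.20",    "192.168.0.10", "FastEthernet0/1", "Tunnel0"),
    ("10.0.0.20",    "203.0.113.5",  "FastEthernet0/1", "FastEthernet0/0"),
]

if __name__ == "__main__":
    for src, dst, ingress, egress in SAMPLE_FLOWS:
        verdict = "PAT" if is_patted(src, dst, ingress, egress) else "no NAT"
        print(f"{src:>13} -> {dst:<13} {ingress} -> {egress}: {verdict}")
```

With the ACL exactly as posted, a 10.0.0.0/24 host going to the internet falls through to the implicit deny and is not translated, so the model shows that only the remote 192.168.0.0/24 segment is overloaded.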