Cisco Support Community

New Member

Policy based NAT on VPN

Hi,

I have a query on Policy NAT for VPN:

I am hide NATing a few servers against one public IP and have configured the tunnel with that IP as our encryption domain IP. As the servers are hide NATed against that IP, no traffic is allowed from outside.

Now I have another requirement: some of the clients want access to the same servers over the VPN from their end. So first of all, is it possible? Can it be achieved through Policy NAT? If yes, any such example would be a great help.

Thanks,

Pawan

3 REPLIES
Super Bronze

Re: Policy based NAT on VPN

Unfortunately, policy NAT only works in one direction since it's dynamically NATing multiple servers to 1 public IP address; the reverse direction is not supported.

For client access to servers, you would need to configure 1:1 static NAT, or 1:1 static port address redirection.

Hope that answers your question.

New Member

Re: Policy based NAT on VPN

So that means the same servers can be hide NATed for some clients as well as static NATed for some of the clients through Policy NAT over the VPN. Please suggest.

Thanks,

Pawan

Super Bronze

Re: Policy based NAT on VPN

No, you would need to change your policy NAT to static NAT. You can't configure both at the same time.
