I have a 3845 Integrated router.It is located at my corporate office and connects to the Internet ( e0).The branch office has a DS3 connectivity to it for internet acccess ( s0).I want to enable IPSec remote access on this router so that users can use the cisco VPN client to connect to it and access the corporate and branch office resources.
This Router is outside the Firewall and doesnot do any NAT/PAT.My question is that if i would apply a crypto map on its interface facing the internet ( e0) what precautions should i take so that it doesnt disrupt any general internet traffic.
Also do i need to use the commands ip nat outside and ip nat inside if i dont want the router to translate anything,but only provide remote access IPSec VPN Service?
The router will be configured with dynamic-maps for the outside so this is fairly well documented and would be hard to disrupt the internal/external traffic. Unlike peer-to-peer tunnel, which would use crypto ACLs to determine the traffic to be encrypted and could be disruptive if configured incorrectly. Check out the IPSEC/IKE Configuration Examples and TechNotes for examples on how to configure these.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...