New Member

Remote VPN with NAT.

Hi all,

I'm solving the following problem:

Our employees connect to our network remotely with the Cisco VPN client and can access any resources inside the network.

We have NAT 0 configured so their sessions appear inside the network with IPs assigned from the VPN pool. We have a PIX with inside and outside interfaces.

But we need to access outside resources through the VPN.

So my question is: when traffic gets out of the VPN tunnel, what NAT and ACLs should I configure to access outside resources (on the Internet)? From inside to outside, or should I create a loopback interface?

Pls. send me any example.

BR

gg

1 REPLY
Cisco Employee

Re: Remote VPN with NAT.

Hi,

   To get Internet Access while the IPSEC VPN Client is connected to your PIX, you have two options:

A. Use split-tunneling. This configuration will tell the VPN client which traffic needs to be encrypted; everything else will be sent out the local Internet connection on the Client's end:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

B. Use the option of hairpinning (U-Turn) on the PIX to provide Internet access to the connecting VPN Clients. The only restriction here is that your PIX needs to be running at least version 7:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

   The basic configuration for this setup is as follows:

NAT CONFIGURATION

access-list remotelan permit ip <vpn-pool-network> 255.255.255.0 any

nat (outside) 1 access-list remotelan
global (outside) 1 interface

U-TURN

same-security-traffic permit intra-interface

   The rest of the configuration remains the same.

Regards,

Rick.
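
Added example, not part of the original reply or of Cisco's documentation: a Python check that the pieces of the hairpin setup above agree with each other (the intra-interface permit, a non-zero nat id on the outside interface with a matching global, and an ACL whose source network covers the VPN pool). The function names, the `vpnpool` name and the 192.168.10.0/24 addresses are assumptions for illustration.

```python
import ipaddress
import re

def acl_sources(lines, name):
    """Source networks of the ACL's 'permit ip <net> <mask> <dst>' entries (None = malformed)."""
    found = []
    for line in lines:
        if not line.startswith(f"access-list {name} "):
            continue
        m = re.match(r"access-list \S+ (?:extended )?permit ip (\S+) (\S+) \S+", line)
        try:
            found.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") if m else None)
        except ValueError:
            found.append(None)
    return found

def check_uturn(config, interface="outside"):
    """Return a list of problems with the hairpin NAT setup; an empty list means consistent."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    iface = re.escape(f"({interface})")
    problems = []
    if "same-security-traffic permit intra-interface" not in lines:
        problems.append("same-security-traffic permit intra-interface is missing")
    # NAT id 0 is the exemption rule, so only non-zero ids need a matching global.
    nats = [m.groups() for l in lines
            if (m := re.fullmatch(rf"nat {iface} ([1-9]\d*) access-list (\S+)", l))]
    if not nats:
        problems.append(f"no nat ({interface}) rule tied to an access-list")
    pools = [ipaddress.ip_address(m.group(1)) for l in lines
             if (m := re.match(r"ip local pool \S+ ([\d.]+)-", l))]
    for nat_id, acl in nats:
        if not any(re.match(rf"global {iface} {nat_id} ", l) for l in lines):
            problems.append(f"nat id {nat_id} has no global ({interface}) entry")
        nets = acl_sources(lines, acl)
        if not nets or None in nets:
            problems.append(f"access-list {acl} is missing or has a malformed source")
        for pool in pools:
            if not any(n is not None and pool in n for n in nets):
                problems.append(f"pool address {pool} is not matched by access-list {acl}")
    return problems

# Constructed sample: an ACL entry with no source network in front of the mask.
NO_SOURCE = """access-list remotelan permit ip 255.255.255.0 any
nat (outside) 1 access-list remotelan
global (outside) 1 interface
same-security-traffic permit intra-interface"""
# Constructed sample: 192.168.10.0/24 and the pool name are assumed, not from the thread.
COMPLETED = "ip local pool vpnpool 192.168.10.1-192.168.10.254\n" + NO_SOURCE.replace(
    "permit ip 255", "permit ip 192.168.10.0 255")
```

The check only understands the `permit ip <network> <mask> <destination>` form, so an `any` or `host` source is reported as malformed.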
