I've read the Cisco document - 'Router and VPN configuration for Public Internet on a Stick Configuration Example' and I've got a couple of questions.
Below is my config that I've built using the above example.... I know the VPN side of it works as I've butchered my existing configuration.
My problem comes in understanding what IP address to give the Loopback interface, and do I need to give it a static nat translation like my other entries ??
My internal network is in the range 192.168.0.1 - 192.168.0.8
The VPN gives out the ip pool 192.168.1.1 - 192.168.1.19
What should the Loopback interface be (I've currently got this as 192.168.2.1 ???)
If someone could take a quick look at the below and see if I've got any errors, that would be great (if I do need to include a static nat translation for the Loopback interface, would it simply be......ip nat inside source static 192.168.2.1 184.108.40.206)
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable secret 5 $1$8K/M$mPKgykdzMNoav0TuHJFrG0
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
Yup, it's just a virtual ip in the same subnet as your loopback interface, basically to make the traffic route through the loopback interface because the interface has "ip nat inside", and then it will be routed towards the external interface that has "ip nat outside" so it can be NATed.
For NAT to happen, it needs to go through an interface with "ip nat inside" then "ip nat outside". If we don't route it through the loopback interface, the outside interface is just "ip nat outside", so NATing for the vpn client will not work.
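The path described in the reply above, as an added IOS configuration sketch (not part of the original thread and not the poster's config). It reuses the thread's loopback address and VPN pool; the interface name FastEthernet0, the ACL numbers, the route-map name and the 192.168.2.2 next hop are assumptions.

```cisco
! Added sketch; interface name, ACL numbers, route-map name and the
! 192.168.2.2 next hop are assumptions, not values from the thread.
!
interface Loopback0
 ! Address the poster is already using for the loopback
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0
 ! Hypothetical name for the Internet-facing interface that already
 ! carries the crypto map; decrypted VPN client traffic arrives here
 ip nat outside
 ip policy route-map VPN-CLIENT
!
! VPN pool 192.168.1.1 - 192.168.1.19 (wildcard 0.0.0.31 covers .0 - .31)
! Traffic from the pool to the internal LAN is excluded from policy
! routing so it follows the normal routing table
access-list 144 deny   ip 192.168.1.0 0.0.0.31 192.168.0.0 0.0.0.255
access-list 144 permit ip 192.168.1.0 0.0.0.31 any
!
route-map VPN-CLIENT permit 10
 match ip address 144
 ! Virtual next hop inside the loopback subnet: no host owns it, it only
 ! forces the packet across the "ip nat inside" interface
 set ip next-hop 192.168.2.2
!
! Dynamic PAT for the VPN pool only; the existing NAT statements for the
! internal LAN are assumed to stay as they are
access-list 145 permit ip 192.168.1.0 0.0.0.31 any
ip nat inside source list 145 interface FastEthernet0 overload
```

After a VPN client browses the Internet through the tunnel, `show ip nat translations` should list entries with inside local addresses from the 192.168.1.x pool.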