Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN with NAT on same interface

Hi guys,

I wonder if anyone has tried this senario before and could let me know how to get it to work!

I have a pair of 7100 routers that I'm going to use as VPN termination points on our network. The routers run HSRP across the F0/0 interface to achieve redundancy and all is good. I just have one problem..

Some of our partners need the source address of the traffic going over the tunnel to be a certain IP address so needs to be NAT'd at the router. I have a problem because the packets destined for the tunnel come in and go out the same interface and therefore I can't seem to get it to NAT them before it sends them down the tunnel i.e. it works ok with no nat involved but I can't use the ip nat inside and outside commands as I only have one interface. Therefore my VPN access-list never picks the traffic up and nothing happens!

Does anyone know the best way around this?

Thanks for the help,



Re: VPN with NAT on same interface

Terminate the VPN's on another device.


New Member

Re: VPN with NAT on same interface

So it can't be done?

Re: VPN with NAT on same interface

To be honest, the only way I can think of doing it, is to encapsulate the traffic in a GRE tunnel. You could NAT it as it goes into the tunnel, and the VPN is based on the source and destination IP's of the tunnel.

Other than that, have VPN's NAT and sending receiving traffic on the same device on 1 internet - is a big ask. Splitting the load to another device makes more sense - only my point of view.


CreatePlease login to create content