Cisco Support Community

NAT Traversal on a Cisco 881W router

I am running c880data-universalk9-mz.124-20.T4.bin on a Cisco881W router and an ASA5512 with asa915-smp-k8.bin

I need to set up a site-to-site IPSEC VPN tunnel and not NAT the traffic.

Does the Cisco881W support NAT traversal, or don't I need that? If not, how would I configure it?

 

Mike

1 REPLY


The 881W supports NAT Traversal, but that's really used for running an IPSec endpoint behind another NAT device.

If you just want to make sure that the 881W doesn't NAT IPSec traffic to your ASA, you can do that by denying the IPv4 source and destination addresses in the NAT ACL on the router.

For example, if your IPSec VPN on the 881W sends traffic from 192.168.0.0/24 to 192.168.1.0/24, your NAT configuration would look something like this:

ip nat inside source list ACL_WAN_NAT interface FastEthernet4 overload
!
ip access-list extended ACL_WAN_NAT
 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any

With this NAT configuration, traffic from 192.168.0.0/24 to 192.168.1.0/24 will be unmodified while all other traffic from 192.168.0.0/24 will be subject to NAT.
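
An added example, not part of the reply above: a small Python check that evaluates the reply's ACL_WAN_NAT entries with IOS first-match and wildcard-mask semantics, to confirm which flows are translated and what happens if the two entries are reversed. The flows and the 203.0.113.10 address are constructed sample values, and the parser only handles `permit|deny ip` entries like the ones shown.

```python
import ipaddress

# NAT ACL entries copied from the reply, in IOS extended-ACL syntax.
ACL_WAN_NAT = """
deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_acl(text):
    """Parse entries in order; order matters because the first match wins."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACL entry: {line!r}")
        entries.append((action, parse_addr(tokens), parse_addr(tokens)))
    return entries

def matches(addr, spec):
    """Wildcard match: bits set in the wildcard mask are ignored."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def is_translated(acl, src, dst):
    """True if the flow hits a permit entry; no match means implicit deny."""
    for action, src_spec, dst_spec in acl:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action == "permit"
    return False

# Constructed sample flows: VPN traffic, Internet traffic, unrelated source.
FLOWS = [("192.168.0.10", "192.168.1.20"), ("192.168.0.10", "203.0.113.10"),
         ("10.0.0.5", "203.0.113.10")]

if __name__ == "__main__":
    acl = parse_acl(ACL_WAN_NAT)
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: {'NAT' if is_translated(acl, src, dst) else 'no NAT'}")
```

With the entries reversed, the `permit ... any` line matches first and the 192.168.0.0/24 to 192.168.1.0/24 traffic is translated, so the `deny` entry has to stay above it.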
