Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Outside NAT

I am in need of some router configuration help. I have 3030 concentrator that we use to connect to our customer sites via VPN. We have equipment at our customer locations that we support. We assign them an IP in the 172.20.x.x subnet to which we ask that they NAT on their end since the 3030 cannot perform this on our end. Some customer do this without any problems. Some are saying they will not perform the NAT. So, I need to add a router behind my 3030 and perform outside NAT. This is where I need help. My 3030 is something like this.

Public IP address

DMZ This interface is where our servers are. this subnet is our customers remote network. inside address.

I understand the concept. I'm just not sure of how to configure the router. Two ethernet interfaces? Which will be NAT inside? Which will be NAT outside. Also, I want to keep the customers who are willing to perform NAT on their end seperate from this. How will this effect the configuration? Any help MUCH appreciated.

New Member

Re: Outside NAT

I think that NAT Inside should be the interface from your side in this case, outside interface - interface from customers side.

Because you need to create access list to do NAT translation you can easy separate addresses which customers equipment translate itself from those which you have to translate yourself - just deny those IP addresses which customer translates itself and permit those which you have to translate in the access list.

Check these documents (as well as other about NAT on Cisco site) - there are a lot of examples there.

//Mikhail Galiulin

CreatePlease login to create content