
EzVPN Client and NAT

mklimesch
Level 1

Hello,

I have configured a VPN between a 1760 router with an ADSL interface (EzVPN client) and a Cisco 3005 concentrator. The concentrator has a static IP; the router has dynamic IPs. Now I have to translate the local IPs at the end of the router. But when I configure NAT on the router, I don't have access to the other site of the VPN. Can anybody explain this, or does anybody have a sample config for me?

Thanks in advance . . .

5 Replies

gfullage
Cisco Employee

EzVPN Phase II (available in 12.2(15)T and up) includes NAT interoperability support. Basically you configure NAT on the router for your Internet access, but when the VPN tunnel is up this overrides the configured NAT; then, when the tunnel is torn down, the configured NAT comes back in. See

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftezvpnr.htm#1121329

for details. You should be able to run this code and configure your NAT as normal, and EzVPN will sort it all out for you depending on whether the tunnel is up or not.

If I've gotten the wrong impression of your situation (it's a little unclear), please provide configs and a more detailed explanation than "now I have to translate the local IPs at the end of the router", cause this is unclear to me.

The net where the router is placed has the IP 10.20.30.0/24. But I can't route this net from my side. The source IPs must be translated from 10.20.30.0 to 10.110.20.0. But when the tunnel is up, NAT doesn't work.

Can I configure the VPN other than with EzVPN Phase II? I think not, because the router has to work as a VPN client, because it has no static IP . . .

I forgot an important piece of information. The ADSL router is not in my network. It is placed in a partner's network . . .

And they will access our network over the VPN.

So you have to NAT over the tunnel, not out to the Internet, is that right? Hmmm, yeah, I don't see how that's going to work cause EzVPN specifically assumes that you don't need to NAT when the tunnel is up and it'll stop any configured NAT.

You could configure a standard LAN-to-LAN tunnel rather than EzVPN, then you could NAT the traffic before it gets encrypted.

Yes, that's right. I have to NAT over the tunnel, not out to the Internet.

Can I configure a LAN-to-LAN tunnel? I haven't got a static IP on the outside interface of my router. So I think I have to configure a Client-to-Site tunnel . . .

If I can configure LAN-to-LAN anyway, have you got a sample config for me?