11-13-2013 02:38 AM - edited 03-07-2019 04:35 PM
Hi,
I have a Cisco 1841 router connected to an ADSL line.
I need to set up a site-to-site VPN connection with a client on this router.
I have a private IP provided by the operator on the interface Dialer0 (ip address negotiated): 192.168.1.254
I also have a public IP routed to my router and configured on the interface Loopback1: 81.255.99.89
Issue:
I go out with the private IP 192.168.1.254 (Dialer0), while the client needs to see me with the public IP 81.255.99.89 (Loopback1) to set up the VPN tunnel.
So, is it possible to set up source NAT to go out through the Dialer interface but with the IP 81.255.99.89? Route-map with policy?
Router configuration:
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key XXXXXXXXXXXXX address X.X.X.X no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 15 10
!
!
crypto ipsec transform-set SDM_TRANSFORMSET_1 esp-3des esp-sha-hmac
crypto ipsec transform-set SDM_TRANSFORMSET_2 esp-3des esp-sha-hmac
!
crypto map sec-bytel 1 ipsec-isakmp
 description XXXXXXXXXXXX
 set peer X.X.X.X
 set security-association lifetime seconds 28800
 set transform-set SDM_TRANSFORMSET_1 SDM_TRANSFORMSET_2
 set pfs group2
 match address Bytel
!
!
!
!
!
!
interface Loopback1
 ip address 81.255.99.89 255.255.255.255
!
interface FastEthernet0/0
 description Vers vlan-admin
 ip address X..X.X.X
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address X.X.X.X 255.255.255.248
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface ATM0/1/0
 description Cote ADSL
 ip address dhcp
 ip virtual-reassembly
 atm restart timer 300
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface Dialer0
 ip address negotiated
 no ip unreachables
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXX
 crypto map sec-bytel
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
no ip http secure-server
!
!
!
ip access-list extended XXXX
 remark SDM_ACL Category=4
 permit ip X.X.X.X 0.0.0.3 X.X.X.X 0.0.0.31 log
 permit ip X.X.X.X 0.0.0.3 X.X.X.X 0.0.0.63 log
Thanks in advance for your help
Francois
11-13-2013 02:56 AM
Hi,
You can use the crypto map sec-bytel local-address loopback1 global config command.
Regards
Alain
Don't forget to rate helpful posts.
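The fix from this answer applied to the configuration in the question, as an added example that is not part of the original thread. It assumes the remote side is configured with 81.255.99.89 as its peer address; the show and clear commands are standard IOS commands and no output is reproduced here.

```cisco
! Added example: entered on the 1841 from the question.
configure terminal
 ! Global command, not an interface sub-command: IKE and IPsec packets
 ! for this crypto map are sourced from Loopback1 (81.255.99.89)
 ! instead of the negotiated Dialer0 address (192.168.1.254).
 crypto map sec-bytel local-address Loopback1
 !
 ! The crypto map stays applied to the egress interface, as in the
 ! original configuration.
 interface Dialer0
  crypto map sec-bytel
end
!
! Any SA negotiated before the change was built from the old address.
! Clear them so the tunnel renegotiates from the loopback address.
clear crypto isakmp
clear crypto sa
!
! Verification: the local address reported for the tunnel should be
! 81.255.99.89 (see "local crypto endpt." in the IPsec SA output).
show crypto map
show crypto isakmp sa
show crypto ipsec sa
```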
11-13-2013 09:30 AM
Hi Alain,
It works with your command!
Thanks!