08-04-2010 11:36 AM
Hi,
I have clients connecting to a Router (878) using the VPN Client; they can access what they need internally.
A new requirement has come up: there is an externally hosted server that has IP restrictions so that only a range of internal addresses can access it.
The question is, when the VPN client is connected and it picks up an internal address, how can I allow access from inside out to this one host? I had thought of split tunneling, but the connection needs to come from the internal LAN, and in this case that does not seem like it will work. There is only one Internet connection, and there are no proxies internally I could use.
Will this work? If so, what is the best way of accomplishing this?
Thanks
08-04-2010 11:57 AM
Send all the VPN traffic to the loopback IP using a route map,
make the loopback IP "ip nat inside",
and include the traffic from the pool to that public IP as part of the NAT traffic.
08-06-2010 01:24 PM
Hi Jathaval,
Thanks for responding. Can you point me at any more detailed info, as I haven't heard of this before?
Thanks Mike
08-07-2010 12:14 AM
I will need to search my docs, but I am pretty sure I have an example... In any case, here is some more info.
Do split tunneling and include this traffic from the pool to the server in that.
Next, on your outside, I will do source-based routing directing all traffic from the pool IP to the public server IP to a loopback using the set interface command,
and then classify this loopback as internal by making it ip nat inside, so that anything going out from this interface will be NATed/PATed to your interface IP and now your server will recognise it.
Hope this helps.
! split-tunnel ACL: networks the VPN client reaches through the tunnel
! (the poster left the entries blank; <...> marks values you fill in)
ip access-list extended split
 permit ip <internal-lan> <wildcard> any
 permit ip host <external-server> any
-------
for route-map
! match only VPN-pool sources going to the external server
ip access-list extended vpn
 permit ip <vpn-pool> <wildcard> host <external-server>
 permit ip <vpn-pool> <wildcard> host <second-external-server-if-any>
! route-map match syntax is "match ip address <acl>", not "match acl"
route-map vpn permit 10
 match ip address vpn
 set interface Loopback0
int loopback0
 ip address <unused-address> <mask>
 ip nat inside
! the policy must be applied where the decrypted VPN traffic arrives
int <outside-interface>
 ip policy route-map vpn
include the traffic from pool ip to server in the nat acl's
-------------------
if this is difficult please paste your config i will try to put it accordingly
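A complete worked configuration of the loopback/policy-routing approach described in the answer above, added here as an illustration; it is not from the original thread or from any Cisco document. All addresses are constructed (RFC 1918 and RFC 5737 ranges), and Dialer0 as the 878's outside interface, the group name, the pool name and the NAT list name are assumptions; an existing Easy VPN server configuration is assumed to be in place.

```cisco
! Added example, not from the thread. Constructed values:
!   internal LAN        192.168.1.0/24
!   VPN client pool     192.168.100.0/24   (assigned by the Easy VPN server)
!   external server     203.0.113.10       (allows only the router's public IP)
!   outside interface   Dialer0            (assumption for an 878)
!
! 1. Split tunnel: the client sends internal LAN traffic AND traffic for
!    the external server through the tunnel (entries are written from the
!    server's point of view: the networks reachable through the tunnel).
ip access-list extended split
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip host 203.0.113.10 any
!
crypto isakmp client configuration group vpnusers
 key <group-pre-shared-key>
 pool vpnpool
 acl split
ip local pool vpnpool 192.168.100.1 192.168.100.254
!
! 2. Policy routing: only pool -> external server is redirected; all other
!    VPN traffic keeps its normal route to the internal LAN.
ip access-list extended vpn
 permit ip 192.168.100.0 0.0.0.255 host 203.0.113.10
!
route-map vpn permit 10
 match ip address vpn
 set interface Loopback0
!
! 3. The loopback is an "inside" NAT interface, so a packet re-entering the
!    router through it is translated on its way out of the outside interface.
interface Loopback0
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
! 4. Apply the policy where decrypted VPN client packets enter the router.
interface Dialer0
 ip nat outside
 ip policy route-map vpn
!
! 5. NAT: the existing LAN entry plus one narrow pool -> server entry, so
!    VPN clients are PATed to the Dialer0 address only for this destination.
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.100.0 0.0.0.255 host 203.0.113.10
ip nat inside source list NAT interface Dialer0 overload
```

With this in place the hosted server sees connections from the Dialer0 public address, which is the address that must be on its allow list. The NAT entry for the pool is deliberately limited to the one server so that VPN clients do not gain general Internet egress through the office connection. To confirm it is working, `show route-map vpn` shows the policy-routing match counters climbing and `show ip nat translations` shows entries with a 192.168.100.x inside local address and the Dialer0 address as inside global while a client is talking to 203.0.113.10.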