EZVPN + nat on server

joshuaabaxas
Level 1

Hi all,

After weeks of scratching my head, reading examples/tutorials, I have given up trying to work out how to get this to work. Is it possible someone could post a partial config so I can get my head around how I can get this to work?

(ezvpn client) -> {internet} > (cisco 877 running ezvpn and nat)


What I need to do is let the ezvpn client connect via the internet to the 877 then ALL traffic is passed via the 877 (including internet traffic which is nat'ed). No traffic is to flow from ezvpn client onto the net unless it's routed via the 877.

Thanks for your help etc.

2 Replies

Jitendriya Athavale
Cisco Employee

this is what you need to do

do not do split tunneling, which means do not put acl in the group configuration on head end, this way all traffic will come over the tunnel

now what comes on the tunnel is natted to an ip from pool if you are using client mode in ezvpn, if you choose not to do natting you can operate in nem mode

now once they come over tunnel you need to nat them on the head end to send them to internet, the below link will help you except with the following changes

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

just add these to the acl 144

deny 192.168.1.0 0.0.0.255

deny 192.168.1.0 0.0.0.255

permit ip any 192.168.1.0 0.0.0.255

there are a lot of threads on this community which explain this, try searching with keywords like internet on a stick or u turning on routers or internet access for vpn clients through headend etc

Thanks, I'm going to have a go this afternoon.

That link is exactly what I need, despite weeks of googling it takes 10 mins on here to get to the answer.

Thanks again.
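
The first point in the reply above (no `acl` in the head-end group, so nothing is split-tunnelled) and the presence of a head-end NAT rule can be checked against a saved configuration. This is an added example, not part of the thread or of Cisco's documentation; the sample configs, group name, pool name, key and ACL numbers are constructed, and it assumes the classic `crypto isakmp client configuration group` syntax.

```python
import re

# Constructed head-end configs (not from the thread); all names and numbers are made up.
SPLIT_TUNNEL_CFG = """\
crypto isakmp client configuration group REMOTE
 key EXAMPLE-KEY
 pool VPNPOOL
 acl 150
!
ip nat inside source list 101 interface Dialer0 overload
"""

FULL_TUNNEL_CFG = """\
crypto isakmp client configuration group REMOTE
 key EXAMPLE-KEY
 pool VPNPOOL
!
ip nat inside source list 101 interface Dialer0 overload
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)")
NAT_RE = re.compile(r"^ip nat inside source .*\boverload\b")


def audit_headend(config: str) -> dict:
    """Report groups that push a split-tunnel ACL and whether a NAT overload rule exists."""
    split_groups, has_nat, current = {}, False, None
    for line in config.splitlines():
        match = GROUP_RE.match(line)
        if match:
            current = match.group(1)          # entering a client group block
        elif current and line.startswith(" "):
            parts = line.split()              # indented line: sub-command of the group
            if len(parts) >= 2 and parts[0] == "acl":
                split_groups[current] = parts[1]
        else:
            current = None                    # any top-level line ends the group block
            if NAT_RE.match(line):
                has_nat = True
    return {"split_tunnel_groups": split_groups, "nat_overload": has_nat}


def is_full_tunnel_with_nat(config: str) -> bool:
    """True when no group defines a split-tunnel ACL and a NAT overload rule is present."""
    result = audit_headend(config)
    return not result["split_tunnel_groups"] and result["nat_overload"]
```

A group listed under `split_tunnel_groups` means clients in that group send only the ACL-matched traffic through the tunnel and reach the internet directly for everything else.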