11-08-2010 04:00 AM
Hi all,
After weeks of scratching my head, reading examples/tutorials, I have given up trying to work out how to get this to work. Is it possible someone could post a partial config so I can get my head around how I can get this to work?
(ezvpn client) -> {internet} > (cisco 877 running ezvpn and nat)
What I need to do is let the ezvpn client connect via the internet to the 877 then ALL traffic is passed via the 877 (including internet traffic which is nat'ed). No traffic is to flow from ezvpn client onto the net unless it's routed via the 877.
Thanks for your help etc.
11-08-2010 04:19 AM
This is what you need to do.
Do not do split tunneling, which means do not put an ACL in the group configuration on the head end; this way all traffic will come over the tunnel.
Now, what comes over the tunnel is NATted to an IP from the pool if you are using client mode in EzVPN; if you choose not to do NATting, you can operate in NEM mode.
Now, once they come over the tunnel, you need to NAT them on the head end to send them to the internet. The below link will help you, except with the following changes:
just add these to the acl 144
deny 192.168.1.0 0.0.0.255
deny
permit ip any 192.168.1.0 0.0.0.255
There are a lot of threads on this community which explain this; try searching with keywords like internet on a stick, or u-turning on routers, or internet access for VPN clients through headend, etc.
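
As an added example (not part of the original posts and not Cisco's code), a small Python check of the first point in the reply above: that no EzVPN group on the head end carries an `acl` line, which is what enables split tunneling. The sample configs, group name, pool name and ACL number are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); names and numbers are made up.
SPLIT_TUNNEL_CFG = """\
crypto isakmp client configuration group REMOTE
 key <placeholder>
 pool VPNPOOL
 acl 150
!
ip local pool VPNPOOL 192.168.1.1 192.168.1.50
"""

FULL_TUNNEL_CFG = """\
crypto isakmp client configuration group REMOTE
 key <placeholder>
 pool VPNPOOL
!
ip local pool VPNPOOL 192.168.1.1 192.168.1.50
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)")


def split_tunnel_groups(config: str) -> dict:
    """Return {group_name: acl} for every EzVPN group that sets a split-tunnel ACL."""
    findings, group = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)          # entered a client group sub-mode
        elif not line.startswith(" "):
            group = None                # any unindented line ends the sub-mode
        elif group:
            words = line.split()
            # "acl <name|number>" in the group pushes a split-tunnel list to clients;
            # "no acl ..." starts with "no" and is therefore not flagged.
            if len(words) >= 2 and words[0] == "acl":
                findings[group] = words[1]
    return findings


if __name__ == "__main__":
    for name, cfg in (("split", SPLIT_TUNNEL_CFG), ("full", FULL_TUNNEL_CFG)):
        hits = split_tunnel_groups(cfg)
        print(name, "->", hits or "no split-tunnel ACL; all client traffic uses the tunnel")
```
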
11-08-2010 04:21 AM
Thanks, I'm going to have a go this afternoon.
That link is exactly what I need; despite weeks of googling, it takes 10 mins on here to get to the answer.
Thanks again.