
Flexvpn Client and client subnets behind an inside interface

bassi
Level 1

Hello everyone

I am executing FlexVPN Client in EZVPN Mode on an ISR4331 executing IOS-XE 16.06.05 Everest using the following FlexVPN Client profile:

 

  crypto ikev2 client flexvpn SWX-IKEV2-FLEX-PROFILE
    peer 1 10.10.10.1
    peer 2 10.10.20.1
    client inside Gi0/0/0
    client connect Tunnel10

  !

Gi0/0/0 interface has ip-address 10.10.30.1/24 configured and has the "ip nat-inside" feature enabled

Tunnel10 has its pushed IPsec address and has the "ip nat-outside" feature configured

NAT overload rules currently apply to Gi0/0/0's client subnet 10.10.30.0/24 only.

Source IP-addresses for clear-text traffic originated from the connected subnet 10.10.30.0/24 are correctly NATted to Tunnel10's IPsec address and then successfully encapsulated ==> so far, so good

 

Question:

Is it possible to source-NAT and encapsulate clear-text traffic originated from a client subnet routed over 10.10.30.100 as well? Or is that possible from directly connected inside interfaces only?

 

Thanks.

 

Best regards

 Gianbattista

 
