06-06-2011 06:10 AM
Hello,
We use the Cisco VPN Client to connect to our CISCO1921 router and want to go out again on the same interface to the internet. We configured the connection with the IOS security package and have no split tunneling, so the client is forced to use our router as its default gateway. We have also pushed our local DNS server to the client, and it gets DNS results. Now I think we have to go out with some kind of NAT, because our client has a private IP from the IPSec client pool. At the moment we have no NAT inside/outside, because we only use official IP addresses inside and outside (data-room usage).
- Is it possible to get the NAT function going in and out on the same interface, with crypto_map IPSec users coming in and going out to the internet?
- Is it more secure to configure this with VRF?
- Does someone have a link to example configurations for this?
Thanks !
NISITNETC
06-06-2011 06:57 AM
Hi ,
To accomplish that you have to create a loopback interface and a policy map. Have you come across the link below? Follow the example in this link.
Regards
06-06-2011 03:00 PM
Hi Jorge,
Thanks for the link. We will also try the NVI version now:
http://inetpro.org/wiki/IPSec:_Router_and_VPN_Client_for_Public_Internet_on_a_Stick_with_NVI
Regards
NISITNETC
06-07-2011 03:46 AM
NVI
We just tried to find an easy solution and this works fine now. We use the NVI way - see the example above, it can't be documented better ...
Thanks !
NISITNETC
06-07-2011 07:52 AM
Thanks for providing that additional info on NVI ..
Regards
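
The NVI approach settled on in this thread, sketched as an added IOS configuration fragment (not taken from any poster or from the linked wiki). The pool name, ACL number, crypto map name, interface name and all addresses are assumptions chosen for illustration; the crypto map and client-group configuration are assumed to exist already.

```cisco
! Constructed example: all names and addresses below are placeholders.
!
! Private pool handed to VPN clients (referenced by the existing client group)
ip local pool VPNPOOL 192.168.100.1 192.168.100.50
!
! Only traffic sourced from the VPN pool is eligible for translation.
! Hosts with official addresses never match and are left untranslated.
access-list 101 remark VPN client pool to internet
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
!
! Public interface: IPSec terminates here and decrypted client traffic
! leaves through it again. "ip nat enable" marks it as NAT-capable under
! NVI, so no inside/outside role has to be assigned.
interface GigabitEthernet0/0
 description Public uplink, VPN termination
 ip address 203.0.113.2 255.255.255.0
 ip nat enable
 crypto map VPNMAP
!
! NVI form of PAT: "ip nat source" instead of "ip nat inside source"
ip nat source list 101 interface GigabitEthernet0/0 overload
```

After a client connects and browses, `show ip nat nvi translations` should list entries whose source is an address from the VPN pool. Keeping the ACL limited to the pool avoids translating any other traffic that crosses the interface.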