L2L tunnel protected networks

cmazur
Level 1

Are the protected networks defined on an L2L tunnel the real IP address or the NATed outside address?

1 Accepted Solution


@cmazur 

If you want to NAT over the VPN then modify the protected network ACL to include the NAT address.

 

If you already have a NAT setup and you don't want to NAT over the VPN, then this is when you'd create a NAT exemption rule. In which case the protected networks ACL would include the real IP address.
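The two cases in this answer can be checked with a small model, added here as an example and not taken from the thread or from any vendor tooling. It assumes the firewall translates the source first and then compares the translated packet against the protected-networks ACL; all addresses, rule structures and function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample addressing (not from the thread)
REAL = ip.ip_network("10.1.1.10/32")        # host's real inside address
MAPPED = ip.ip_network("203.0.113.10/32")   # its NATed outside address
REMOTE = ip.ip_network("192.168.50.0/24")   # peer's protected network
SRC, DST = ip.ip_address("10.1.1.10"), ip.ip_address("192.168.50.20")

# NAT rules: mapped=None means identity NAT (exemption); dst=None means any destination
INTERNET_NAT = {"real": REAL, "mapped": MAPPED, "dst": None}
EXEMPTION = {"real": REAL, "mapped": None, "dst": REMOTE}

def translate(src, dst, rules):
    """Return the source address after NAT; the first matching rule wins (assumed model)."""
    for r in rules:
        if src in r["real"] and (r["dst"] is None or dst in r["dst"]):
            if r["mapped"] is None:
                return src
            offset = int(src) - int(r["real"].network_address)
            return r["mapped"].network_address + offset
    return src

def is_protected(src, dst, rules, acl):
    """True if the translated packet matches a (local, remote) entry of the ACL."""
    post = translate(src, dst, rules)
    return any(post in local and dst in remote for local, remote in acl)

def scenarios():
    acl_real, acl_nat = [(REAL, REMOTE)], [(MAPPED, REMOTE)]
    exempt_first = [EXEMPTION, INTERNET_NAT]
    return {
        "NAT over VPN, ACL lists NAT address": is_protected(SRC, DST, [INTERNET_NAT], acl_nat),
        "NAT over VPN, ACL lists real address": is_protected(SRC, DST, [INTERNET_NAT], acl_real),
        "NAT exemption, ACL lists real address": is_protected(SRC, DST, exempt_first, acl_real),
        "NAT exemption, ACL lists NAT address": is_protected(SRC, DST, exempt_first, acl_nat),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'matches tunnel' if ok else 'NOT matched by tunnel ACL'}")
```

The two mismatched combinations return False: the packet's source after NAT is not in the protected networks, so it is not selected for the tunnel.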


4 Replies

balaji.bandi
Hall of Fame

Real IP address is used to establish the tunnel. Interesting traffic will be protected by the IPsec tunnel.

 

BB


@cmazur 

What is your intention? If you want to NAT over the VPN you'd have to include the NAT address in the ACL defining the interesting traffic to be encrypted.

 

If you do not want to NAT over the VPN, you'd need to create a NAT exemption rule to ensure the traffic is not unintentionally NATed and also use the real IP address in the ACL defining the interesting/protected networks.

So I have a host that I NAT before going over the Internet. I also want to NAT if used in a VPN tunnel, so I believe you are saying that I would use the NAT address as the protected network def. Is this correct?
