LAN-2-LAN VPN and NAT

p-calcaterra
Level 1

Hi,

I have connected a remote 877 to the central VPN3020 through an IPSEC tunnel over the Internet.

The tunnel works fine and the traffic flows between central and remote LANs.

Now I need to apply a NAT (not PAT) to the source IP addresses coming from the remote site, so I configured a dynamic NAT in the VPN3020 in “Configuration | Policy Management | Traffic Management | NAT | LAN-to-LAN Rules” as:

[192.168.1.0/24 : 10.30.85.0/28] -> 0.0.0.0/0 (Dynamic)

Now when I enable the LAN-to-LAN NAT, the traffic stops flowing.

I have checked on the VPN3020 and I saw the NAT applied (in “Monitoring | Statistics | NAT”). I have sniffed the traffic on both LANs and the diagnosis is that the traffic stops in the VPN3020, perhaps because it is filtered away.

The question is: what do I have to check or what do I have to change in order to have the NATted traffic acceptable to the VPN3020?

Note that I have not modified the filters already configured and that I do not see any route for the 10.30.85.0/28 in the VPN3020 routing table.

Best regards.

Paolo.

1 Reply

mchin345
Level 6

Activating IPSec transparent mode on the VPN Concentrator creates non-visible filter rules and applies them to the public filter. The configured port number is then passed to the VPN Client transparently when the VPN Client connects.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a00800946af.shtml
