Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1007
Views
0
Helpful
2
Replies

VPN 3000 Concentrator and DSL sites

b-krigeris
Level 1
Level 1

‎11-20-2000 01:36 PM - edited ‎02-21-2020 11:15 AM

I set up a 3000 Concentrator at the main office in my company. We were hoping to give access to our numerous small offices around the country which have access to the Internet via a DSL line. All of the sites run NAT to a local PDC/DHCP and the rest of PC's get out using PAT. In order for a user to connect to us via VPN, we need to assign a static IP address the his/her PC and NAT that IP address to an outside address. This becomes a logistical nightmare, concidering we have only several outside IP address for each site and there are over 300 sites around the country. Does anyone have a solution to the problem?

Labels:
0 Helpful
2 Replies 2

bstremp
Level 2
Level 2

‎11-30-2000 07:57 AM

I don’t see a way around this one. Port address translation cannot handle IP protocols used for VPN. It does require it’s own IP address and unfortunately I don’t believe there is a workaround for this

0 Helpful

smather
Level 1
Level 1

‎01-13-2001 03:08 PM

If you set up the 3005 Group for Transparent NAT, the client software will wrap the ESP IPsec packet in UDP. This capability allows the IPsec packet to be PAT'd.

0 Helpful
Customers Also Viewed These Support Documents