VPN and NAT: Sequence of encryption and NAT

sgupta
Level 1

I wish to know the sequence in which encryption/decryption and NAT happens.

I have this customer with one big subnet (10.22.1.0) containing PCs and servers.

Now I need to encrypt the data on the LAN. VPN 3000 was proposed. Now I need to move servers to another subnet (10.22.3.0).

Could I use NAT to translate old server addresses to new addresses in 10.22.3.0 such that clients never notice the change of server addresses?

1. Where will NAT be applied? After the packet comes out of the tunnel and before it enters the tunnel?

2. How will NAT work here? Will VPN 3000 respond to ARP for old server addresses (10.22.1.0)?

1 Reply

kdurrett
Level 3

You will have to NAT the traffic before it hits the concentrator. This gets a little tricky. You won't be able to NAT this on the concentrator, so you'll have to do that on a router or a PIX. So you've got to question that as well, since the PIX and router could do both the NAT and the IPsec tunnel. Is the concentrator needed, is what I'd be asking. To answer your questions directly:

1. Not on the concentrator, so it will have to be done before it goes through the tunnel on another device.

2. NAT happens before encryption, whether it's on the VPN device or downstream. No, it won't ARP for the old address.

Kurtis Durrett