You just make an access-list that disables NAT for certain IP
source/destination combinations.  That way the client sitting behind the NAT
server who goes through VPN will not be NAT'd when it tries to go through
the VPN.  This would obviously change the source IP and VPN would not allow
it to pass through.

I hope that's what you were looking for.  It worked on a 2600 to PIX VPN
solution with NAT on the 2600 and PIX both on a solution I implemented.  It
should be the same principle.

Allen

----- Original Message -----
From: "Uniplace - Alexander Krastelev" 
To: 
Sent: Tuesday, June 12, 2001 8:39 AM
Subject: IPSEC (ESP) over NAT ? [7:8150]


> Hello,
>
> Does anyone know if Cisco IOS (any version) supports IPSEC passthrough over
> NAT ?
>
> I need to make the following configuration running:
>
> [Server]---[VPN gateway]------internet-----[Cisco1600,NAT]----[Client]
>
> - Client (a PC with IPSEC VPN client) should have access to Server over
> IPSEC VPN
> - Cisco 1600 makes NAT with overload
> - IPSEC protocol is IPSEC ESP (not AH)
>
> I have two options:
> -to do something with Cisco to let it pass IPSEC traffic;
> -to switch VPN in UDP-encapsulated mode (IPSEC-over-UDP), which works over
> the most dumb NAT (we have to pay for upgrade, however).
>
> So my question is, does Cisco support IPSEC passthrough ?
>
> Alexander
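
The NAT exemption described in the reply above, written out as an IOS configuration fragment. This is an added example, not configuration from the original thread; it assumes the router itself terminates the tunnel, as in the 2600-to-PIX setup the reply mentions. The addresses, interface names, ACL numbers, the crypto map name VPNMAP and the transform-set name ESPSET are all constructed for illustration.

```cisco
! Constructed addressing: inside LAN 192.168.1.0/24,
! remote LAN behind the VPN peer 10.1.1.0/24, peer 203.0.113.1.
!
! ACL 110 selects traffic for NAT. Entries are evaluated top-down and the
! first match wins, so the deny for LAN-to-remote-LAN must come first.
access-list 110 deny   ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
!
! ACL 120 selects traffic for IPsec. It matches the original inside source
! address, which is only still present because ACL 110 exempted it from NAT.
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
crypto ipsec transform-set ESPSET esp-3des esp-sha-hmac
!
! ISAKMP policy and pre-shared key are omitted; they are unrelated to NAT.
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set ESPSET
 match address 120
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip nat outside
 crypto map VPNMAP
!
! Everything ACL 110 permits is overloaded onto the Serial0 address.
ip nat inside source list 110 interface Serial0 overload
!
! Checks after sending traffic from the LAN to 10.1.1.0/24:
!   show access-lists 110      -> match counter rises on the deny line
!   show ip nat translations   -> no entries with a 10.1.1.x destination
!   show crypto ipsec sa       -> pkts encaps/decaps counters increase
```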




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8186&t=8150