If your WAN router were Cisco then the following NAT statement would
redirect the ESP traffic to localIP and hence solve your problem:

         ip nat inside source static esp <localIP> interface <int> route-map <rm>

P.
=====================================


On 22 November 2012 18:42, Ben Shaw <[email protected]> wrote:
> Hi All
>
> Can anyone provide input on this challenge?
>
> I have a small client with a single Internet connection and just the
> one public IP. I use static PAT on the edge router to translate
> inbound connections to different servers based on port (25, 443, 80 etc).
>
> I would like to place a router on the inside of this edge router to
> terminate VPN tunnels. I do not wish to terminate VPN tunnels on this
> edge router. Having still only one public IP I can obviously translate
> UDP 500 to the outside interface of this VPN router but what about the
> ESP traffic? I don't believe I will be able to use PAT to translate
> the ESP packets to the same outside interface of the VPN router. For
> that I presume it would have to be a static NAT translation at layer 3.
>
> So considering all current translations are in the form of static PAT
> on the router, if I add to this a static PAT for UDP 500 and a static
> NAT for the WAN interface of the edge router to the outside interface
> of the VPN router should this work? The resultant configuration will
> be along the following lines
>
> WAN IP:TCP25 -> Internal_Mail_Server:25
> WAN IP:TCP443 -> Internal_Web_Server1:443
> WAN IP:TCP80 -> Internal_Web_Server2:80
> WAN IP:UDP500 -> VPN_Router:500 (new)
> WAN IP -> VPN_Router (new)
>
> There is currently no static NAT configured on the edge router, only
> static PAT.
>
> Thanks
> Ben
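
The two options in this thread differ in how much inbound traffic ends up at the VPN router. The following is an added example, not code from either poster: a simplified Python model of the edge router's static translation table that compares PAT only, the reply's ESP-only static entry, and the one-to-one static NAT proposed in the original post. The lookup order (port entry, then protocol entry, then address entry) and the sample packets are assumptions of the model.

```python
from typing import NamedTuple, Optional

TCP, UDP, ESP = 6, 17, 50  # IP protocol numbers; ESP carries no port field

class Packet(NamedTuple):
    proto: int
    dport: Optional[int]  # None for protocols without ports (ESP)

# Static PAT entries from the original post: (protocol, WAN port) -> inside host.
STATIC_PAT = {
    (TCP, 25): "Internal_Mail_Server",
    (TCP, 443): "Internal_Web_Server1",
    (TCP, 80): "Internal_Web_Server2",
    (UDP, 500): "VPN_Router",
}

def translate(pkt, proto_static=None, full_static=None):
    """Return the inside host for an inbound packet to the WAN IP, or None.

    proto_static: {protocol: host}, models the reply's protocol-only ESP entry.
    full_static:  host, models a one-to-one static NAT of the WAN IP.
    Model assumption: the most specific entry wins (port, protocol, address).
    """
    if pkt.dport is not None and (pkt.proto, pkt.dport) in STATIC_PAT:
        return STATIC_PAT[(pkt.proto, pkt.dport)]
    if proto_static and pkt.proto in proto_static:
        return proto_static[pkt.proto]
    return full_static  # None when no address-level static NAT exists

def exposure(packets, **rules):
    """Packets that are delivered to VPN_Router under the given rules."""
    return [p for p in packets if translate(p, **rules) == "VPN_Router"]

# Constructed sample of inbound traffic addressed to the WAN IP.
SAMPLE = [Packet(TCP, 25), Packet(UDP, 500), Packet(ESP, None),
          Packet(TCP, 22), Packet(TCP, 23), Packet(UDP, 161)]

if __name__ == "__main__":
    # PAT alone cannot match ESP: there is no port to key the entry on.
    print("PAT only:       ", exposure(SAMPLE))
    # A protocol-level entry forwards ESP and nothing else new.
    print("ESP-only static:", exposure(SAMPLE, proto_static={ESP: "VPN_Router"}))
    # An address-level static NAT forwards every otherwise unmatched packet.
    print("full static NAT:", exposure(SAMPLE, full_static="VPN_Router"))
```

In this model the ESP-only entry adds exactly one flow to the VPN router, while the address-level static NAT also delivers every unmatched port to it, so that variant relies on filtering at the edge router or on the VPN router itself.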