NAT-T would be the solution, which is enabled by default. But since you are doing PAT, the VPN can be established in one direction.
You need a static mapping for the inside router doing VPN.

With regards
Kings
CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)

On Thu, Nov 22, 2012 at 8:13 PM, Jay McMickle <[email protected]> wrote:

> Interesting scenario- let me see if I can dig up something.
>
> Regards,
> Jay McMickle- CCIE #35355 (RS)
> Sent from my iPhone 5
>
> On Nov 22, 2012, at 1:42 AM, Ben Shaw <[email protected]> wrote:
>
> > Hi All
> >
> > can anyone provide input on this challenge?
> >
> > I have a small client with a single Internet connection and just the one public IP. I use static PAT on the edge router to translate inbound connections to different servers based on port (25, 443, 80 etc).
> >
> > I would like to place a router on the inside of this edge router to terminate VPN tunnels. I do not wish to terminate VPN tunnels on this edge router. Having still only one public IP I can obviously translate UDP 500 to the outside interface of this VPN router but what about the ESP traffic? I don't believe I will be able to use PAT to translate the ESP packets to the same outside interface of the VPN router. For that I presume it would have to be a static NAT translation at layer 3.
> >
> > So considering all current translations are in the form of static PAT on the router, if I add to this a static PAT for UDP 500 and a static NAT for the WAN interface of the edge router to the outside interface of the VPN router should this work? The resultant configuration will be along the following lines
> >
> > WAN IP:TCP25 -> Internal_Mail_Server:25
> > WAN IP:TCP443 -> Internal_Web_Server1:443
> > WAN IP:TCP80 -> Internal_Web_Server2:80
> > WAN IP:UDP500 -> VPN_Router:500 (new)
> > WAN IP -> VPN_Router (new)
> >
> > There is currently no static NAT configured on the edge router, only static PAT.
> >
> > Thanks
> > Ben
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
> >
> > Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
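
The edge-router side of the NAT-T approach named in the reply, written out as an added example that is not from the thread or its participants. The interface names, inside addresses and ACL name are constructed assumptions; the point shown is that with NAT-T the ESP traffic rides inside UDP 4500, so it can be forwarded with static PAT like the other services.

```cisco
! Added example. Assumed (constructed) values, not from the thread:
!   GigabitEthernet0/0  edge router WAN interface holding the single public IP
!   GigabitEthernet0/1  edge router inside interface
!   192.168.1.10-.12    mail and web servers
!   192.168.1.254       outside interface of the inside VPN router
interface GigabitEthernet0/0
 ip nat outside
!
interface GigabitEthernet0/1
 ip nat inside
!
! Static PAT entries already described in the original post
ip nat inside source static tcp 192.168.1.10 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 192.168.1.11 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.1.12 80 interface GigabitEthernet0/0 80
!
! IKE negotiation starts on UDP 500
ip nat inside source static udp 192.168.1.254 500 interface GigabitEthernet0/0 500
! NAT-T: once the peers detect the NAT they move IKE to UDP 4500 and
! encapsulate ESP in the same UDP flow, so IP protocol 50 never has to
! cross the PAT device on its own
ip nat inside source static udp 192.168.1.254 4500 interface GigabitEthernet0/0 4500
!
! If an inbound ACL is applied on the WAN interface (the name OUTSIDE-IN is
! hypothetical), it has to admit both ports; narrow "any" to the known
! remote peers where they have fixed addresses
ip access-list extended OUTSIDE-IN
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
```

To confirm the tunnel is using NAT-T, check `show ip nat translations` on the edge router for the UDP 4500 entry and `show crypto ipsec sa` on the VPN router, where the SA settings list UDP encapsulation.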
