Hi Chad,

You need to exclude the VPN packets from being NAT'ted by changing your 
source NAT rule a bit. Here's an example:

rule 5 {
    type: "source"
    source {
        network: "10.10.10.0/24" <--- your internal/VPN subnet that you are sourcing packets from on this router
    }
    destination {
        network: "!10.0.0.0/8" <--- Note the '!' - this is NAT'ting all traffic but those packets destined for 10.0.0.0/8. This should be the destination network for your remote VPN sites
    }
    outside-address {
        address: 192.168.1.1 <--- This would represent your outside/public address
    }
}

Thank you,

Robyn

Chad S. Parsons wrote:
>
> I’m trying to build IPSEC tunnels between three of our offices and I 
> think I have one last hurdle to clear.
>
> The tunnels are built and are establishing, but I cannot get traffic 
> to move between the internal LANs.
>
> The routers are set up with a Source NAT rule changing the internal 
> addresses to a single public IP. This is the only NAT rule.
>
> Do I need to put one in place to keep the VPN traffic from being 
> NAT’ed? Or do I need to put a Static Route in to move the traffic 
> through the appropriate tunnel?
>
> If I can supply any more information, please let me know.
>
> Thanks,
>
> Chad
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
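
Added example (not part of the original message and not Vyatta code): a Python model of how the source NAT rule above matches once the destination is negated, used as an audit check that lists any tunnel whose traffic would still be translated. The rule dictionaries, the tunnel subnets and all function names are constructed for illustration, and the "before" rule assumes the original rule had no destination restriction.

```python
import ipaddress

def parse_match(spec):
    """Split a rule field such as "!10.0.0.0/8" into (network, negated)."""
    negated = spec.startswith("!")
    return ipaddress.ip_network(spec.lstrip("!")), negated

def field_matches(spec, addr):
    """True if a single address satisfies the (possibly negated) field."""
    net, negated = parse_match(spec)
    return (ipaddress.ip_address(addr) in net) != negated

def is_natted(rule, src, dst):
    """True if a packet src -> dst would be source-NAT'ted by the rule."""
    return (field_matches(rule["source"], src)
            and field_matches(rule["destination"], dst))

def can_match(spec, subnet):
    """True if at least one address in subnet satisfies the field."""
    net, negated = parse_match(spec)
    subnet = ipaddress.ip_network(subnet)
    if negated:
        # A negated field misses the subnet only if it covers all of it.
        return not subnet.subnet_of(net)
    return subnet.overlaps(net)

def tunnels_hit_by_nat(rule, tunnels):
    """Return the (local, remote) tunnels whose traffic the rule can translate."""
    return [(local, remote) for local, remote in tunnels
            if can_match(rule["source"], local)
            and can_match(rule["destination"], remote)]

# Constructed sample data. The third remote subnet lies outside 10.0.0.0/8
# to show that the exclusion only protects sites inside that range.
RULE_BEFORE = {"source": "10.10.10.0/24", "destination": "0.0.0.0/0"}
RULE_AFTER = {"source": "10.10.10.0/24", "destination": "!10.0.0.0/8"}
TUNNELS = [
    ("10.10.10.0/24", "10.10.20.0/24"),
    ("10.10.10.0/24", "10.10.30.0/24"),
    ("10.10.10.0/24", "172.16.5.0/24"),
]

if __name__ == "__main__":
    for name, rule in (("before", RULE_BEFORE), ("after", RULE_AFTER)):
        print(name, "-> tunnels still NAT'ted:", tunnels_hit_by_nat(rule, TUNNELS))
```

A tunnel reported by `tunnels_hit_by_nat` needs its remote subnet added to the exclusion, or the excluded range widened to cover it.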
