- Ip nat inside question (stuck!)
- Posted by Taff on January 24th, 2005
I have a router that is terminating Cisco inbound vpn client connections.
But I also need to port forward UDP ports 500 and 4500 to a client PC on the
inside of the network for third-party VPN connections.
If I add an ip nat inside static command then all my inbound vpn connections
will point at the inside Client PC and fail (I assume).
Is there a way of controlling the port forwarding by source address of the
external connection rather than or in addition to port number?
I only have one public IP address, so one-to-one NATting is out of the
question.
Any help would be much appreciated.
Cheers,
Taff.
- Posted by Walter Roberson on January 24th, 2005
In article <41f580bc$1@clear.net.nz>, Taff <tafsjunk@yahoo.co.uk> wrote:
:I have a router that is terminating Cisco inbound vpn client connections.
:But I also need to port forward UDP ports 500 and 4500 to a client PC on the
:inside of the network for third-party VPN connections.
:If I add an ip nat inside static command then all my inbound vpn connections
:will point at the inside Client PC and fail (I assume).
:Is there a way of controlling the port forwarding by source address of the
:external connection rather than or in addition to port number?
I believe you could use policy maps.
If you are using 12.2(4)T or later, you also have the option of doing
static PAT using ACLs -- before that, use of an ACL automatically meant
dynamic NAT.
:I only have one public IP address, so one-to-one NATting is out of the
:question.
Do the inside systems need to terminate the third-party connections?
Or do different inside systems need to connect to different third-party
termination points?
--
The image data is transmitted back to Earth at the speed of light
and usually at 12 bits per pixel.
- Posted by Taff on January 26th, 2005
Thanks for the response.
Can you give some examples of static PAT using ACLs for this type of
solution, as I can't seem to find any related to routers (only PIX)?
Regarding the inside systems question: there is a single client on the inside that
will terminate a third-party VPN (single source address).
"Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
news:ct41ev$d3u$1@canopus.cc.umanitoba.ca...
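The following IOS configuration is an added example, not something posted in this thread, showing the shape of what Walter's answer points at: a static PAT entry for UDP 500 and 4500 that is qualified by a route map, so only traffic involving one named third-party peer is forwarded to the inside PC, while all other inbound IKE still terminates on the router's own public address. Every address and interface name is an assumption (192.168.1.10 for the inside PC, 203.0.113.10 for the router's single public address, 198.51.100.7 for the third-party peer, FastEthernet0/0 and Dialer0 for inside/outside). The route-map keyword on a static translation is the 12.2(4)T feature Walter refers to; whether the route map is honoured for sessions the outside peer initiates, rather than only for sessions the inside PC opens first, should be verified on the actual release before relying on it.

```cisco
! Added example configuration (assumed addresses and interfaces, not from the thread)
!
! 192.168.1.10  = inside PC that terminates the third-party VPN (assumed)
! 203.0.113.10  = router's only public address, also the IPsec endpoint for Cisco VPN clients (assumed)
! 198.51.100.7  = third-party VPN peer (assumed)

interface FastEthernet0/0
 description LAN (assumed)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 description Internet, single public address (assumed)
 ip address 203.0.113.10 255.255.255.255
 ip nat outside
!
! ACL written from the inside PC's point of view (inside -> outside direction):
! only IKE (UDP 500) and NAT-T (UDP 4500) between the inside PC and the one
! third-party peer match. Anything else, including Cisco VPN clients hitting
! 203.0.113.10 from other addresses, does not match and is left for the router.
access-list 110 remark static PAT qualifier: inside PC <-> third-party peer only
access-list 110 permit udp host 192.168.1.10 host 198.51.100.7 eq 500
access-list 110 permit udp host 192.168.1.10 host 198.51.100.7 eq 4500
!
route-map THIRDPARTY-IKE permit 10
 match ip address 110
!
! Static PAT qualified by the route map (route-map on static entries requires
! 12.2(4)T or later). Without "route-map ..." these two lines would send every
! inbound UDP 500/4500 packet to the PC and break the router's own VPN termination,
! which is the failure the original question anticipates.
ip nat inside source static udp 192.168.1.10 500  203.0.113.10 500  route-map THIRDPARTY-IKE
ip nat inside source static udp 192.168.1.10 4500 203.0.113.10 4500 route-map THIRDPARTY-IKE
!
! Verification after bringing the third-party tunnel up:
!   show ip nat translations        -> expect only 198.51.100.7 in the outside-global column for 500/4500
!   show ip nat statistics
!   debug ip nat                    -> confirm a Cisco VPN client from another address is NOT translated
```

If the release in use only consults the route map for inside-initiated sessions, have the inside PC initiate IKE to 198.51.100.7 first so the translation exists before the peer sends anything; the entry then handles the peer's return traffic and NAT-T keepalives. The ACL should stay as narrow as shown: widening it to "any" as the destination reintroduces the original problem of all IKE being diverted to the PC.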