Ip nat inside question (stuck!)

Discussion in 'Cisco' started by Taff, Jan 24, 2005.

  1. Taff

    Taff Guest

    I have a router that is terminating Cisco inbound vpn client connections.
    But I also need to port forward udp port 500 and 4500 to a client pc on the
    inside of the network for third-party vpn connections.

    If I add an ip nat inside static command then all my inbound vpn connections
    will point at the inside Client PC and fail (I assume).

    Is there a way of controlling the port forwarding by source address of the
    external connection rather than or in addition to port number?

    I only have one public ip address so one to one natting is out of the
    question.

    Any help would be much appreciated.

    Cheers,
    Taff.
     
    Taff, Jan 24, 2005
    #1

  2. In article <41f580bc$>, Taff <> wrote:
    :I have a router that is terminating Cisco inbound vpn client connections.
    :But I also need to port forward udp port 500 and 4500 to a client pc on the
    :inside of the network for third-party vpn connections.

    :If I add an ip nat inside static command then all my inbound vpn connections
    :will point at the inside Client PC and fail (I assume).

    :Is there a way of controlling the port forwarding by source address of the
    :external connection rather than or in addition to port number?

    I believe you could use policy maps.

    If you are using 12.2(4)T or later, you also have the option of doing
    static PAT using ACLs -- before that, use of an ACL automatically meant
    dynamic NAT.


    :I only have one public ip address so one to one natting is out of the
    :question.

    Do the inside systems need to terminate the third-party connections?
    Or do different inside systems need to connect to different third-party
    termination points?
    --
    The image data is transmitted back to Earth at the speed of light
    and usually at 12 bits per pixel.
     
    Walter Roberson, Jan 24, 2005
    #2

  3. Taff

    Taff Guest

    Thanks for the response.
    Can you give some examples of static PAT using ACLs for this type of
    solution, as I can't seem to find any related to routers (only PIX)?

    Regarding the inside systems question - there is a single client on the
    inside that will terminate a third-party VPN (single source address).


    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:ct41ev$d3u$...
    > In article <41f580bc$>, Taff <> wrote:
    > :I have a router that is terminating Cisco inbound vpn client connections.
    > :But I also need to port forward udp port 500 and 4500 to a client pc on the
    > :inside of the network for third-party vpn connections.
    >
    > :If I add an ip nat inside static command then all my inbound vpn connections
    > :will point at the inside Client PC and fail (I assume).
    >
    > :Is there a way of controlling the port forwarding by source address of the
    > :external connection rather than or in addition to port number?
    >
    > I believe you could use policy maps.
    >
    > If you are using 12.2(4)T or later, you also have the option of doing
    > static PAT using ACLs -- before that, use of an ACL automatically meant
    > dynamic NAT.
    >
    >
    > :I only have one public ip address so one to one natting is out of the
    > :question.
    >
    > Do the inside systems need to terminate the third-party connections?
    > Or do different inside systems need to connect to different third-party
    > termination points?
    > --
    > The image data is transmitted back to Earth at the speed of light
    > and usually at 12 bits per pixel.
     
    Taff, Jan 26, 2005
    #3
