Solved

Using PAT to route the outside interface address inside a VPN tunnel

Posted on 2007-07-31
Last Modified: 2008-02-12
Is it possible to use the outside interface of a VPN router (in my case a Nortel Contivity 1100) on the inside of a tunnel using PAT?  Basically I have a client that is refusing to let us use private addresses in a VPN tunnel between us.  They said that they have clients set this up all the time.  I don't understand how this would work because that outside interface is the endpoint for the VPN tunnel.  How could you then use that same address to PAT on the inside of the tunnel?  For example, the VPN router has an external IP address of 10.10.10.1.  That is also of course its endpoint when building tunnels.  There is a server on the inside of the network at 192.168.10.5.  In the VPN router, can you PAT that outside interface address of 10.10.10.1 so that maybe 10.10.10.1:4451 coming over the VPN tunnel will be routed to 192.168.10.5 on the inside?
Question by:denverjaye
2 Comments
 

Expert Comment

by:netnounours
ID: 19611231
Hi,

There is a feature that I used in a case similar to yours. You can define a new NAT policy and apply it to one tunnel only. You'll find that option in the Branch Office tunnel configuration.

I hope that helps.

Accepted Solution

by:benhanson (earned 1500 total points)
ID: 19823730
First off, taking 10.10.10.1:4451 and pushing it to 192.168.10.5:4451 would be a NAT definition, not a PAT pool.  A PAT'd interface is generally sequentially assigning port numbers as outbound connections are being made.

The scenario you are describing is really not clear.  So you have a Nortel 1100, public IP 123.123.123.123, private IP 192.168.10.1.  You are trying to get a tunnel from 209.123.123.123 to your client's public address of 66.123.123.123, which would allow your client to access your internal network.  Where doesn't the client want to use private addresses?  A VPN is pretty much a tunnel into an org's private network.