[Webinar] Learn how to a build a cloud-first strategyRegister Now


Using PAT to route the outside interface address inside a VPN tunnel

Posted on 2007-07-31
Medium Priority
Last Modified: 2008-02-12
Is it possble to use the outside interface of a VPN router (in my case a Nortel Contivity 1100) on the inside of a tunnel using PAT?  Basically I have a client that is refusing to let us use private addresses in a VPN tunnel between us.  They said that they have clients set this up all the time.  I don't understand how this would work because that outside interface is the endpoint for the VPN tunnel.  How could you then use that same address to PAT on the inside of the tunnel?  For example, the VPN router has an external IP address of  That is also of course its endpoint when building tunnels.  There is a server on the inside of the network at  In the VPN router, can you PAT that outside interface address of so that maybe coming over the VPN tunnel will be routed to on the inside?
Question by:denverjaye

Expert Comment

ID: 19611231

There is a feature that I used in a case similar to yours. You can define a new NAT policy and apply it to one tunnel only. You'll find that option in the Branch Office tunnel configuration

I hope that helps
LVL 12

Accepted Solution

benhanson earned 1500 total points
ID: 19823730
First off, taking and pushing it to would be a NAT definition, not a PAT pool.  A PAT'd interface is generally sequentially assigning port numbers as outbound connections are being made.

The scenario you are describing is really not clear.  So you have a Nortel 1100, public IP, private IP  You are trying to get a tunnel from to your client's public address of, which would allow your client to access your internal network.  Where doesn't the client want to use private addresses?  A VPN is pretty much a tunnel in to an org's private network.

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question