<div>
Hi,<br />
<br />
There is a feature that I used in a case similar to yours. You can define a new NAT policy and apply it to one tunnel only. You'll find that option in the Branch Office tunnel configuration<br />
<br />
I hope that helps
</div>


Hi,

There is a feature that I used in a case similar to yours. You can define a new NAT policy and apply it to one tunnel only. You'll find that option in the Branch Office tunnel configuration

I hope that helps

<div>
<div class="content wysiwyg-content">
Is it possble to use the outside interface of a VPN router (in my case a Nortel Contivity 1100) on the inside of a tunnel using PAT? &nbsp;Basically I have a client that is refusing to let us use private addresses in a VPN tunnel between us. &nbsp;They said that they have clients set this up all the time. &nbsp;I don't understand how this would work because that outside interface is the endpoint for the VPN tunnel. &nbsp;How could you then use that same address to PAT on the inside of the tunnel? &nbsp;For example, the VPN router has an external IP address of 10.10.10.1. &nbsp;That is also of course its endpoint when building tunnels. &nbsp;There is a server on the inside of the network at 192.168.10.5. &nbsp;In the VPN router, can you PAT that outside interface address of 10.10.10.1 so that maybe 10.10.10.1:4451 coming over the VPN tunnel will be routed to 192.168.10.5 on the inside?
</div>
</div>


Is it possble to use the outside interface of a VPN router (in my case a Nortel Contivity 1100) on the inside of a tunnel using PAT?  Basically I have a client that is refusing to let us use private addresses in a VPN tunnel between us.  They said that they have clients set this up all the time.  I don't understand how this would work because that outside interface is the endpoint for the VPN tunnel.  How could you then use that same address to PAT on the inside of the tunnel?  For example, the VPN router has an external IP address of 10.10.10.1.  That is also of course its endpoint when building tunnels.  There is a server on the inside of the network at 192.168.10.5.  In the VPN router, can you PAT that outside interface address of 10.10.10.1 so that maybe 10.10.10.1:4451 coming over the VPN tunnel will be routed to 192.168.10.5 on the inside?

Using PAT to route the outside interface address inside a VPN tunnel

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.