How Do I Configure A Vpn After I Have Configured A Firewall; How Do I Configure Nat Passthrough For A Vpn - Cisco ROUTER-SDM-CD User Manual

How Do I...

How Do I Configure a VPN After I Have Configured a Firewall?

How Do I Configure NAT Passthrough for a VPN?

Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Cisco Router and Security Device Manager 2.5 User's Guide
11-38
In order for a VPN to function with a
configured to permit traffic between the local and remote
SDM creates this configuration by default when you configure a VPN
configuration after you have already configured a firewall.
If you are using NAT to translate addresses from networks outside your own and
if you are also connecting to a specific site outside your network via a VPN, you
must configure NAT passthrough for your VPN connection, so that network
address translation does not take place on the VPN traffic. If you have already
configured NAT on your router and are now configuring a new VPN connection
using Cisco SDM, you will receive a warning message informing you that Cisco
SDM will configure NAT so that it does not translate VPN traffic. You must accept
the message so that Cisco SDM will create the necessary ACLs to protect your
VPN traffic from translation.
If you are configuring NAT using Cisco SDM and you have already configured a
VPN connection, perform the following procedure to create ACLs.
From the left frame, select Additional Tasks/ACL Editor.
In the Rules tree, choose Access Rules.
Click Add.
The Add a Rule dialog box appears.
In the Name/Number field, enter a unique name or number for the new rule.
From the Type field, choose Extended Rule.
In the Description field, enter a short description of the new rule.
Click Add.
The Add a Standard Rule Entry dialog box appears.
In the Action field, choose Permit.
In the Source Host/Network group, from the Type field, select A Network.
Chapter 11
firewall in place, the firewall must be
peer
Site-to-Site VPN
IP addresses. Cisco
OL-4015-12