Table of Contents
Advertisement
Chapter 8
Site-to-Site VPN
How Do I Configure a VPN After I Have Configured a Firewall?
How Do I Configure NAT Passthrough for a VPN?
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
OL-4015-08
In order for a
VPN
to function with a
configured to permit traffic between the local and remote
creates this configuration by default when you configure a VPN configuration
after you have already configured a firewall.
If you are using
NAT
to translate addresses from networks outside your own and
if you are also connecting to a specific site outside your network via a VPN, you
must configure NAT passthrough for your VPN connection, so that network
address translation does not take place on the VPN traffic. If you have already
configured NAT on your router and are now configuring a new VPN connection
using SDM, you will receive a warning message informing you that SDM will
configure NAT so that it does not translate VPN traffic. You must accept the
message so that SDM will create the necessary ACLs to protect your VPN traffic
from translation.
If you are configuring NAT using SDM and you have already configured a VPN
connection, perform the following procedure to create ACLs.
From the left frame, select Additional Tasks/ACL Editor.
In the Rules tree, choose Access Rules.
Click Add.
The Add a Rule dialog box appears.
In the Name/Number field, enter a unique name or number for the new rule.
From the Type field, choose Extended Rule.
In the Description field, enter a short description of the new rule.
Click Add.
The Add a Standard Rule Entry dialog box appears.
In the Action field, choose Permit.
In the Source Host/Network group, from the Type field, select A Network.
Cisco Router and Security Device Manager Version 2.2 User's Guide
firewall
in place, the firewall must be
peer
How Do I...
IP addresses. SDM
8-75
Advertisement
Table of Contents
Troubleshooting
