[c-nsp] Cisco IPsec with Nat ?
Christopher J. Wargaski
wargo1 at gmail.com
Thu Mar 25 14:10:49 EDT 2010
Hello Jerome--

Besides NAT for port 500, you need to allow ESP inbound to the
router that is the VPN peer. For example, on a router that is a VPN
peer, I have these two entries in the ACL which is on the public
interface.

    permit esp any host 66.46.120.222
    permit udp any host 66.46.120.222 eq isakmp

If you are using an access-list to match the packets for address
translation, you may be able to match on ESP.

cjw
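
Added example, not part of the original message: a small Python check that evaluates ACL text first-match-wins and reports whether ESP and ISAKMP (UDP 500) reach the VPN peer. The entry grammar is a simplified subset of IOS syntax, and the function names, the remote address 192.0.2.10 and the IKE-only ACL are assumptions constructed for illustration.

```python
import re

# Simplified entry grammar (an assumption of this example):
#   permit|deny <proto> any|host <ip> any|host <ip> [eq <port>]
ENTRY = re.compile(r"^(permit|deny)\s+(\S+)\s+(any|host\s+\S+)\s+(any|host\s+\S+)"
                   r"(?:\s+eq\s+(\S+))?$")
PORT_NAMES = {"isakmp": 500}  # IOS keyword for UDP port 500

def parse_acl(text):
    """Return (action, proto, src, dst, port) tuples for lines that fit ENTRY."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            action, proto, src, dst, port = m.groups()
            entries.append((action, proto, src.split()[-1], dst.split()[-1], port))
    return entries

def port_number(token):
    """Map a port keyword or numeric string to an int; unknown keywords give None."""
    if token in PORT_NAMES:
        return PORT_NAMES[token]
    return int(token) if token.isdigit() else None

def first_match(entries, proto, src_ip, dst_ip, dst_port=None):
    """Evaluate one packet top-down, as an ACL does; the first matching entry wins."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in (proto, "ip"):
            continue
        if e_src not in ("any", src_ip) or e_dst not in ("any", dst_ip):
            continue
        if e_port is not None and (dst_port is None or port_number(e_port) != dst_port):
            continue
        return action
    return "deny"  # implicit deny at the end of the ACL

def ipsec_inbound(acl_text, remote_ip, peer_ip):
    """Verdict for the two inbound flows the message says the VPN peer needs."""
    entries = parse_acl(acl_text)
    return {"esp": first_match(entries, "esp", remote_ip, peer_ip),
            "isakmp": first_match(entries, "udp", remote_ip, peer_ip, 500)}

PEER = "66.46.120.222"   # VPN peer address from the message
REMOTE = "192.0.2.10"    # constructed remote endpoint (documentation range)
ACL_FROM_MESSAGE = ("permit esp any host 66.46.120.222\n"
                    "permit udp any host 66.46.120.222 eq isakmp")
ACL_IKE_ONLY = "permit udp any host 66.46.120.222 eq isakmp"  # constructed: no ESP entry

if __name__ == "__main__":
    print(ipsec_inbound(ACL_FROM_MESSAGE, REMOTE, PEER))
    print(ipsec_inbound(ACL_IKE_ONLY, REMOTE, PEER))
```

With the IKE-only ACL the ISAKMP exchange is permitted but ESP falls through to the implicit deny, which is the gap the message points out.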