NAT on a Stick is used mostly when you try to connect to a remote computer through a forwarded port over a VPN tunnel: the connection drops even though there is connectivity to the remote computer (ICMP packets get through, for example).
Why?
The packet from the VPN tunnel reaches the remote station, but because the remote router has a NAT command that forwards the port we are trying to connect to, the return packet is NATed and does not go back into the VPN tunnel.
Solution:
The solution is to create a route-map that sends all the return traffic from the local LAN to the tunnel to a next hop on a loopback interface that does not perform NAT.
Here are the steps:
1. Create a Loopback
conf t
int loopback 1002
ip address 1.1.1.1 255.255.255.252
2. Create an access list from the LAN to the VPN LAN
ip access-list extended NO_NAT_VPN
permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.0.255
3. Next, configure a route map
route-map NO_NAT_VPN
match ip address NO_NAT_VPN
set ip next-hop 1.1.1.2
4. Apply the route map on the internal leg
int vlan 1
ip policy route-map NO_NAT_VPN
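
A way to check that the four pieces above fit together, as an added example that is not part of the original post: this Python script parses a config fragment and confirms that the applied route-map is defined, its ACL exists, and its next hop sits on a loopback subnet with no NAT statement. The sample config is constructed from the steps above; the `ip nat inside` line on Vlan1, the `permit 10` sequence and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the post's four steps, plus an assumed "ip nat inside" on Vlan1.
SAMPLE = """\
interface Loopback1002
 ip address 1.1.1.1 255.255.255.252
interface Vlan1
 ip nat inside
 ip policy route-map NO_NAT_VPN
ip access-list extended NO_NAT_VPN
 permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.0.255
route-map NO_NAT_VPN permit 10
 match ip address NO_NAT_VPN
 set ip next-hop 1.1.1.2
"""

def sections(config):
    """Map each top-level config line to the indented lines under it."""
    out, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head:
            out[head].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            head = line.strip()
            out.setdefault(head, [])
    return out

def audit(config):
    """Return a list of problems; an empty list means the pieces fit together."""
    sec, problems, nat_free = sections(config), [], []
    for head, body in sec.items():  # subnets of loopbacks that carry no "ip nat" line
        if head.startswith("interface Loopback") and not any(l.startswith("ip nat") for l in body):
            nat_free += [ipaddress.ip_interface("/".join(l.split()[2:4])).network
                         for l in body if l.startswith("ip address ")]
    acls = {h.split()[-1] for h in sec if h.startswith("ip access-list ")}
    maps = {h.split()[1]: b for h, b in sec.items() if h.startswith("route-map ")}  # single-sequence maps
    applied = {l.split()[-1] for b in sec.values() for l in b if l.startswith("ip policy route-map ")}
    for name in sorted(applied):
        if name not in maps:
            problems.append(f"route-map {name} is applied but not defined")
        for l in maps.get(name, []):
            arg = l.split()[-1]
            if l.startswith("match ip address ") and arg not in acls:
                problems.append(f"route-map {name} matches undefined ACL {arg}")
            if l.startswith("set ip next-hop ") and not any(ipaddress.ip_address(arg) in n for n in nat_free):
                problems.append(f"next-hop {arg} is not on a NAT-free loopback subnet")
    return problems
```

Calling `audit()` on a saved copy of the router's configuration returns an empty list when the policy route is consistent.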