Cisco Systems 2.5 Network Router User Manual


Chapter 11 Site-to-Site VPN
How Do I...
11-38
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
How Do I Configure a VPN After I Have Configured a Firewall?
In order for a VPN to function with a firewall in place, the firewall must be
configured to permit traffic between the local and remote peer IP addresses. Cisco
SDM creates this configuration by default when you configure a VPN after you
have already configured a firewall.
How Do I Configure NAT Passthrough for a VPN?
If you are using NAT to translate addresses from networks outside your own and
if you are also connecting to a specific site outside your network via a VPN, you
must configure NAT passthrough for your VPN connection, so that network
address translation does not take place on the VPN traffic. If you have already
configured NAT on your router and are now configuring a new VPN connection
using Cisco SDM, you will receive a warning message informing you that Cisco
SDM will configure NAT so that it does not translate VPN traffic. You must accept
the message so that Cisco SDM will create the necessary ACLs to protect your
VPN traffic from translation.
If you are configuring NAT using Cisco SDM and you have already configured a
VPN connection, perform the following procedure to create ACLs.
Step 1 From the left frame, select Additional Tasks/ACL Editor.
Step 2 In the Rules tree, choose Access Rules.
Step 3 Click Add.
The Add a Rule dialog box appears.
Step 4 In the Name/Number field, enter a unique name or number for the new rule.
Step 5 From the Type field, choose Extended Rule.
Step 6 In the Description field, enter a short description of the new rule.
Step 7 Click Add.
The Add a Standard Rule Entry dialog box appears.
Step 8 In the Action field, choose Permit.
Step 9 In the Source Host/Network group, from the Type field, select A Network.
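The two situations described above (a firewall that must pass the VPN peers' traffic, and NAT that must leave VPN traffic untranslated) correspond to a small amount of Cisco IOS configuration. The following is an added, constructed illustration in IOS CLI syntax, not configuration generated by Cisco SDM or taken from this guide; the interface name, addresses, subnets and ACL names are assumptions.

```cisco
! Constructed example (not SDM output). Assumed topology:
!   local LAN 192.168.1.0/24, remote LAN 192.168.2.0/24
!   local peer (outside interface FastEthernet0/0) 203.0.113.10
!   remote peer 198.51.100.20
!
! 1. Firewall: the inbound ACL on the outside interface must allow the
!    remote peer to reach the local peer for IKE (UDP 500), NAT-T
!    (UDP 4500) and ESP. These entries belong ahead of the firewall's
!    own deny entries, because IOS evaluates an ACL top to bottom.
ip access-list extended OUTSIDE-IN
 permit udp host 198.51.100.20 host 203.0.113.10 eq isakmp
 permit udp host 198.51.100.20 host 203.0.113.10 eq non500-isakmp
 permit esp host 198.51.100.20 host 203.0.113.10
 ! ... existing firewall entries follow here ...
!
! 2. NAT passthrough: the ACL that selects traffic for translation must
!    DENY the local-to-remote VPN traffic before it PERMITs everything
!    else. In a NAT ACL, "deny" means "do not translate", not "drop".
!    Order matters: a "permit ... any" first would translate the VPN
!    traffic, and the tunnel's crypto ACL would then never match it.
ip access-list extended NAT-EXEMPT
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
route-map NAT-RMAP permit 10
 match ip address NAT-EXEMPT
!
! Assumes "ip nat inside" / "ip nat outside" are already set on the
! LAN and outside interfaces respectively.
ip nat inside source route-map NAT-RMAP interface FastEthernet0/0 overload
!
! Checks after applying: VPN flows must not appear in the translation
! table, and the deny counter on NAT-EXEMPT should increase as they pass.
!   show ip nat translations
!   show access-lists NAT-EXEMPT
```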