Question : NAT and IPSec endpoint on a Cisco router

Hi all,

I've got a corporate application that requires access to a server across the Internet using IPsec encryption, and we will also need to implement nat/pat on a Cisco router.  Here are the questions:

Can I use the same interface and IP address for both the address translation and the IPsec endpoint?  It appears that unlike with a PIX, I can't specify an IP address as the overloaded natted address, such as

interface Ethernet1
   ip address 208.xxx.yyy.zzz 255.255.255.0
   ip address 208.xxx.yyy.zz1 255.255.255.0 secondary
   ip nat outside

ip nat inside source list XX interface Ethernet1 overload
                                                          ^^^^^^^^^^
It doesn't appear there's any way to set the overloaded address to the secondary address.  I realize that I could just switch the addresses, but then that brings up the second problem.  In setting up the IPsec encryption, it doesn't appear that there's any way to make the encryption endpoint any specific IP address, requiring IPsec to use the primary address on the interface as the encryption endpoint as well.  So it appears that both the "overloaded nat" and IPsec endpoint are demanding to use the primary IP address of the public interface of the Cisco router.

So, since it seems that I can't force either nat/pat to use a specific IP address, and it seems that I can't force IPsec to use a specific IP address either, is it possible to use the same address for both IPsec and nat/pat?

And to make matters even a bit more complicated, this router will be on the public side of a PIX, and the workstations running the application have static nat implemented on the PIX.  So there may be the issue of "double natting" here, but I don't know for sure.  Each of the workstations has a static IP address natted to the public side of the PIX, and it allows all traffic to go through.

Thanks!

Mark

Answer : NAT and IPSec endpoint on a Cisco router

IPSec does not work over NAT without the use of NAT-T (NAT Traversal).

This is a situation created by the technology itself... it has nothing to do with Cisco or any other vendor.

No, I do not know how to configure the Cisco device for this.
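For readers who land here with the same question, the following is an added IOS configuration example; it is not the poster's configuration and not the answerer's, and every address and name in it is a placeholder. It assumes the router itself terminates the tunnel on its primary outside address while also doing PAT on that same interface and address. NAT-T (UDP 4500 encapsulation, on by default in IOS) only matters when a NAT device sits between the two IPsec peers; the router's own inside-to-outside PAT is a separate problem, because IOS applies NAT before it consults the crypto map. The usual way to keep one address serving both roles is therefore to deny the to-be-encrypted traffic in the NAT ACL so it reaches the crypto map untranslated. Because the PIX's static NAT happens before the router sees the packets, the router's NAT-exemption entry and the crypto ACL both use the PIX-side public addresses, not the workstations' private ones.

```cisco
! Added example, not the original poster's configuration. Placeholder addresses:
!   192.0.2.0/24   = the PIX outside subnet (the static-NAT addresses the router sees as "inside")
!   203.0.113.10   = the router's single public address, used for both PAT and the IPsec endpoint
!   198.51.100.5   = the remote IPsec peer
!   10.20.0.0/16   = the protected network behind the remote peer
!
! NAT-T is enabled by default; the command is shown only so its name is known.
crypto ipsec nat-transparency udp-encapsulation
!
! NAT ACL: deny the traffic the crypto map will protect, PAT everything else.
! Inside-to-outside NAT runs before the crypto map is checked, so a "permit"
! here would rewrite the source and the packet would never match ACL 110.
access-list 100 deny   ip 192.0.2.0 0.0.0.255 10.20.0.0 0.0.255.255
access-list 100 permit ip 192.0.2.0 0.0.0.255 any
ip nat inside source list 100 interface Ethernet1 overload
!
! Crypto ACL: what gets encrypted, using the untranslated (PIX-side) addresses.
access-list 110 permit ip 192.0.2.0 0.0.0.255 10.20.0.0 0.0.255.255
!
! IKE phase 1 (these algorithm keywords require a current IOS release).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY-PLACEHOLDER> address 198.51.100.5
!
! IKE phase 2 transform set.
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto map CM-OUTSIDE 10 ipsec-isakmp
 set peer 198.51.100.5
 set transform-set TS-AES
 match address 110
!
interface Ethernet0
 description LAN side (public side of the PIX)
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 description Internet; the same primary address is the PAT address and the IPsec endpoint
 ip address 203.0.113.10 255.255.255.0
 ip nat outside
 crypto map CM-OUTSIDE
```

To confirm the split is working, generate traffic to the remote network and check `show crypto isakmp sa` and `show crypto ipsec sa` (encrypt/decrypt counters should increase), then `show ip nat translations`: traffic to 10.20.0.0/16 must not appear in the translation table, while Internet-bound traffic should be PAT'd to 203.0.113.10. If the tunnel traffic does show up in the NAT table, the deny entry in ACL 100 is not matching and the packets are being translated before they reach the crypto map.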
