unusual VPN - cisco

    From my router conf:

    crypto map CRYPTO 20 ipsec-isakmp
    set peer 194.48.130.35
    set transform-set TELCOM
    set pfs group2
    match address 102

    The access list consists of only one command:

    access-list 102 permit ip host 62.100.68.171 194.48.129.192 0.0.0.63
    Now what is a bit unusual is that this access list contains only public addresses instead of private addresses. 62.100.68.171 is the server public address located in my network. 194.48.129.192 0.0.0.63 is on my client side.

    I could not find any info on the internet which is similar to my access list with public addresses. My client (a telecom provider) does not have any communication with me.

    The problem is that I need to limit access to my server, and my intention is to allow only VPN access from my client site to my server, which is to be moved behind a router-firewall.

    So I have to NAT my server's public address:

    ip nat inside source static 192.168.100.24 62.100.68.171

    Therefore I have a problem with how to design the ACL to do that:
    Relating to NAT order, I might have to put the following entries in my outbound ACL on the inside interface of the router:

    access-list 123 permit ip host 194.48.130.35 host 192.168.100.24
    access-list 123 deny ip any host 192.168.100.24

    I have done that, but it has caused VPN communication to stop. I do not know what I have done wrong.
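Added example, not part of the original post: a small Python model of the two packet directions described above, assuming the usual Cisco IOS order of operations (outside-to-inside: decrypt, NAT global-to-local, then the inside interface's outbound ACL; inside-to-outside: NAT before the crypto map check). ACL_123_BY_CLIENT_NET is a hypothetical variant and 203.0.113.10 a constructed non-VPN source, both added here for illustration.

```python
import ipaddress

# Addresses are the ones given in the post.
PEER = ipaddress.ip_address("194.48.130.35")            # "set peer": tunnel endpoint
CLIENT_NET = ipaddress.ip_network("194.48.129.192/26")  # 194.48.129.192 0.0.0.63
SERVER_PUBLIC = ipaddress.ip_address("62.100.68.171")
SERVER_PRIVATE = ipaddress.ip_address("192.168.100.24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    return ipaddress.ip_network(f"{addr}/32")

# ACL entries are (action, source, destination); every Cisco ACL ends with an
# implicit "deny ip any any".
ACL_123_AS_POSTED = [
    ("permit", host(PEER), host(SERVER_PRIVATE)),
    ("deny", ANY, host(SERVER_PRIVATE)),
]
ACL_123_BY_CLIENT_NET = [  # hypothetical variant keyed on the protected subnet, not the peer
    ("permit", CLIENT_NET, host(SERVER_PRIVATE)),
    ("deny", ANY, host(SERVER_PRIVATE)),
]

def acl_permits(acl, src, dst):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False  # implicit deny

def nat_outside_to_inside(src, dst):
    """Static NAT, outside-to-inside direction: global destination -> local."""
    dst = ipaddress.ip_address(dst)
    return src, (SERVER_PRIVATE if dst == SERVER_PUBLIC else dst)

def inside_outbound_verdict(acl, inner_src, inner_dst):
    """Packet that arrived through the tunnel. After decryption the router
    forwards the inner packet (client host -> server public address), applies
    NAT outside-to-inside, and only then evaluates the outbound ACL on the
    inside interface. The peer address never appears in the inner header."""
    src, dst = nat_outside_to_inside(inner_src, inner_dst)
    return acl_permits(acl, src, dst)

def crypto_acl_102_selects(src, dst):
    """Inside-to-outside: static NAT rewrites the source before the crypto map
    is checked, so ACL 102 (host 62.100.68.171 -> 194.48.129.192 0.0.0.63)
    still selects the server's replies for encryption."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nat_src = SERVER_PUBLIC if src == SERVER_PRIVATE else src
    return nat_src == SERVER_PUBLIC and dst in CLIENT_NET

if __name__ == "__main__":
    print(inside_outbound_verdict(ACL_123_AS_POSTED, "194.48.129.200", "62.100.68.171"))      # False
    print(inside_outbound_verdict(ACL_123_BY_CLIENT_NET, "194.48.129.200", "62.100.68.171"))  # True
```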