No announcement yet.

unusual VPN - cisco

  • Filter
  • Time
  • Show
Clear All
new posts

  • unusual VPN - cisco

    From my router conf:

    crypto map CRYPTO 20 ipsec-isakmp
    set peer
    set transform-set TELCOM
    set pfs group2
    match address 102

    access list consist of only one command:

    access-list 102 permit ip host

    Now what is a bit unusual is that this access list contains only public addresses instead of private addresses. is the server public address located in my network. is on my client side.

    I could not find any info which is similar to my access list with public addresses on the internet. My client - telecom provider does not have any communication with me.

    The problem is that I need to limit access to my server, and my intention is to allow only VPN access from my client site to my server, which is to be moved behind router-firewall).

    So I have to nat my server public address:

    ip nat inside source static

    Therefore I have problem how to design acl list to do that:
    Relating to NAT order I might have to put the following instructions in my outbound acl on the inside interface of the router:

    access-list 123 permit ip host host
    access-list 123 deny ip any host

    I have done that but it have caused VPN communication to stop. I do not know what I have done wrong?