DMVPN will support the changes of NAT on the CE routers and maintain the
PRIVATE service. I apologize if I missed a part of the conversation. Just my
2 cents.
Paul
-- Paul Negron CCIE# 14846 CCSI# 22752 Senior Technical Instructor www.micronicstraining.com > From: Tyson Scott <tscott_at_ipexpert.com> > Reply-To: Tyson Scott <tscott_at_ipexpert.com> > Date: Sat, 31 Jul 2010 14:42:55 -0400 > To: 'DN817' <ndheeraj.ccie_at_googlemail.com>, 'Cisco certification' > <ccielab_at_groupstudy.com> > Subject: RE: IPSEC with NAT > > DN, > > You will need to configure this using a client/Server relationship. The 3G > device will need to be configured as a EZVPN client with the public device > acting as a EZVPN server. You cannot establish a L2L when you don't control > what is happening with NAT. It could change at any time. Plus I would > presume they are doing PAT and not NAT. > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Managing Partner / Sr. Instructor - IPexpert, Inc. > Mailto: tscott_at_ipexpert.com > > > > -----Original Message----- > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of > DN817 > Sent: Saturday, July 31, 2010 8:13 AM > To: Cisco certification > Subject: Re: IPSEC with NAT > > Thanks, Nish. > Do we need IPSec Passthrough on the device doing NAT or on the end CE > routers? > > Unfortunately NAT is done by service provider and we don't have control on > those devices. > > Regards, > DN > > On Sat, Jul 31, 2010 at 1:03 PM, Nish Vamadevan <ipnish_at_gmail.com> wrote: > >> Should be able to as long as IPSec Passthrough is enabled on both devices >> and Protocol 50/50 and Port 500 isin't blocked... Then, you should be able >> to form tunnels... >> >> Regards, >> Nish >> >> On Sat, Jul 31, 2010 at 12:53 PM, DN817 > <ndheeraj.ccie_at_googlemail.com>wrote: >> >>> Hi Experts, >>> >>> I am trying to run IPSEC between an Internet router(with public IP >>> address) >>> and another router which got access to internet over a 3G mobile network. >>> The 3G provider only assigns private address but is static NATed to a >>> public >>> IP address with in their cloud. >>> >>> Please advise whether it is possible to run IPSEC between these 2 routers >>> over the internet. >>> >>> R1(IP=80.x.x.x) == INTERNET == 3G Network (where IP 10.1.1.1 is NAT ed to >>> 90.x.x.x) == 3G Device with WAN IP - 10.1.1.1 >>> >>> Thanks, >>> DN >>> >>> >>> Blogs and organic groups at http://www.ccie.net >>> >>> _______________________________________________________________________ >>> Subscription information may be found at: >>> http://www.groupstudy.com/list/CCIELab.html > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Sat Jul 31 2010 - 14:00:39 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:14 ART