[VPN] Re: Encryption domain in cisco vpn-3030

Falkovich, Alex AFalkovich at lnc.com
Tue Feb 14 16:19:12 EST 2006 

Thanks. Do we also need to specify the 10. addresses in the encryption
domain?

Thanks again.




-----Original Message-----
From: Dana J. Dawson [mailto:Dana.Dawson at qwest.com] 
Sent: Tuesday, February 14, 2006 4:15 PM
To: Falkovich, Alex; vpn at lists.shmoo.com
Subject: Re: [VPN] Encryption domain in cisco vpn-3030


You need to specify the NATed address, since NAT happens before  
encryption for outgoing packets.  This makes sense if you think about  
it, since you can't NAT something that's been encrypted.

Good luck!

Dana

---
Dana J. Dawson                     Dana.Dawson at qwest.com
Sr. Staff Engineer                 CCIE #1937
Qwest Communications               JNCIA-FWV
600 Stinson Blvd., Suite 1S
Minneapolis  MN  55413-2620

On Tuesday, Feb 14 - 1:21:56 PM, at 1:21 PM, Falkovich, Alex wrote:

> We are configuring a VPN tunnel using a cisco vpn-3030 concentrator, 
> where we are PATing 10.0.0.0/8 network and using static NAT for the 
> 172.21.21.23 & .24 hosts. My question is what do we enter for the
> Local
> Network address when configuring the tunnel, the NATed addresses or  
> the
> private addresses ?
>
> Thanks.
>
> _ Alex
> Notice of Confidentiality:
> **This E-mail and any of its attachments may contain
> Lincoln National Corporation proprietary information, which is
> privileged,
> confidential, or subject to copyright belonging to the
> Lincoln National Corporation family of companies. This E-mail is  
> intended
> solely for the use of the individual or entity to which it is  
> addressed.
> If you are not the intended recipient of this E-mail, you are hereby
> notified that any dissemination, distribution, copying, or action  
> taken
> in relation to the contents of and attachments to this E-mail is  
> strictly
> prohibited and may be unlawful. If you have received this E-mail in  
> error,
> please notify the sender immediately and permanently delete the  
> original
> and any copy of this E-mail and any printout. Thank You.**
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
Notice of Confidentiality:
**This E-mail and any of its attachments may contain 
Lincoln National Corporation proprietary information, which is privileged,
confidential, or subject to copyright belonging to the 
Lincoln National Corporation family of companies. This E-mail is intended 
solely for the use of the individual or entity to which it is addressed. 
If you are not the intended recipient of this E-mail, you are hereby 
notified that any dissemination, distribution, copying, or action taken 
in relation to the contents of and attachments to this E-mail is strictly 
prohibited and may be unlawful. If you have received this E-mail in error, 
please notify the sender immediately and permanently delete the original 
and any copy of this E-mail and any printout. Thank You.**

More information about the VPN mailing list