Thanks. Do we also need to specify the 10. addresses in the encryption
domain?

Thanks again.




-----Original Message-----
From: Dana J. Dawson [mailtoana.Dawson@qwest.com]
Sent: Tuesday, February 14, 2006 4:15 PM
To: Falkovich, Alex; vpn@lists.shmoo.com
Subject: Re: [VPN] Encryption domain in cisco vpn-3030


You need to specify the NATed address, since NAT happens before
encryption for outgoing packets. This makes sense if you think about
it, since you can't NAT something that's been encrypted.

Good luck!

Dana

---
Dana J. Dawson Dana.Dawson@qwest.com
Sr. Staff Engineer CCIE #1937
Qwest Communications JNCIA-FWV
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620

On Tuesday, Feb 14 - 1:21:56 PM, at 1:21 PM, Falkovich, Alex wrote:

> We are configuring a VPN tunnel using a cisco vpn-3030 concentrator,
> where we are PATing 10.0.0.0/8 network and using static NAT for the
> 172.21.21.23 & .24 hosts. My question is what do we enter for the
> Local
> Network address when configuring the tunnel, the NATed addresses or
> the
> private addresses ?
>
> Thanks.
>
> _ Alex
> Notice of Confidentiality:
> **This E-mail and any of its attachments may contain
> Lincoln National Corporation proprietary information, which is
> privileged,
> confidential, or subject to copyright belonging to the
> Lincoln National Corporation family of companies. This E-mail is
> intended
> solely for the use of the individual or entity to which it is
> addressed.
> If you are not the intended recipient of this E-mail, you are hereby
> notified that any dissemination, distribution, copying, or action
> taken
> in relation to the contents of and attachments to this E-mail is
> strictly
> prohibited and may be unlawful. If you have received this E-mail in
> error,
> please notify the sender immediately and permanently delete the
> original
> and any copy of this E-mail and any printout. Thank You.**
> _______________________________________________
> VPN mailing list
> VPN@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn

Notice of Confidentiality:
**This E-mail and any of its attachments may contain
Lincoln National Corporation proprietary information, which is privileged,
confidential, or subject to copyright belonging to the
Lincoln National Corporation family of companies. This E-mail is intended
solely for the use of the individual or entity to which it is addressed.
If you are not the intended recipient of this E-mail, you are hereby
notified that any dissemination, distribution, copying, or action taken
in relation to the contents of and attachments to this E-mail is strictly
prohibited and may be unlawful. If you have received this E-mail in error,
please notify the sender immediately and permanently delete the original
and any copy of this E-mail and any printout. Thank You.**
_______________________________________________
VPN mailing list
VPN@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn