You need to specify the NATed address, since NAT happens before
encryption for outgoing packets. This makes sense if you think about
it, since you can't NAT something that's been encrypted.

Good luck!

Dana

---
Dana J. Dawson Dana.Dawson@qwest.com
Sr. Staff Engineer CCIE #1937
Qwest Communications JNCIA-FWV
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620

On Tuesday, Feb 14 - 1:21:56 PM, at 1:21 PM, Falkovich, Alex wrote:

> We are configuring a VPN tunnel using a cisco vpn-3030 concentrator,
> where we are PATing 10.0.0.0/8 network and using static NAT for the
> 172.21.21.23 & .24 hosts. My question is what do we enter for the
> Local
> Network address when configuring the tunnel, the NATed addresses or
> the
> private addresses ?
>
> Thanks.
>
> _ Alex
> Notice of Confidentiality:
> **This E-mail and any of its attachments may contain
> Lincoln National Corporation proprietary information, which is
> privileged,
> confidential, or subject to copyright belonging to the
> Lincoln National Corporation family of companies. This E-mail is
> intended
> solely for the use of the individual or entity to which it is
> addressed.
> If you are not the intended recipient of this E-mail, you are hereby
> notified that any dissemination, distribution, copying, or action
> taken
> in relation to the contents of and attachments to this E-mail is
> strictly
> prohibited and may be unlawful. If you have received this E-mail in
> error,
> please notify the sender immediately and permanently delete the
> original
> and any copy of this E-mail and any printout. Thank You.**
> _______________________________________________
> VPN mailing list
> VPN@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn


_______________________________________________
VPN mailing list
VPN@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn