Hello,
I have read all the post on this forum with the same subject as mine and am still having a hard time with this issue. I have MTCNA and MTCRE and still am not savvy with a lot.

I am a wisp with a /29 uplink and a /28 pool for publics. I have customers that i assign the /28 by natting them to the LAN in the NOC router. I do have operational vpn at NOC. But i need to setup a separate vpn on one of the /28 accessible from the net and am not able to achieve this. Is there something i need to do in the NOC router? I AM ASSUMING THAT WHEN I NAT /28 TO THE LAN THAT EVERYTHING DESTINED FOR THE /28 IS ROUTED THROUGH THE /29. I ASSUME THIS BECAUSE ALL MY PORT FORWARDS FROM THE WAN ON THE /28 TO THE LAN ARE ACCESSIBLE FROM THE NET.

I hope that I am being clear as to what I mean and that this is like a *palm-to-forhead* with a simple process i am overlooking..

Thanks!!!

I'm having a bit of trouble following the logic. You have a /29 at the Internet edge.You also have a /28 you are using to assign to customers. Are both the /29 and /28 global unicast IPs, public IPs? I'm not sure why or where you are performing NAT.

What is your core goal, you left that out other than the subject. Are you trying to setup a VPN to one of the /28 IP addresses?

idlemind,
Yes that is exactly what i am trying to do. Setup a vpn on one of my customer routers thats behind the internet facing NOC router.

Just route the subnet and don't need NAT, it worked, you can try.

I figured out what the issue was. By assigning the /28 address to WAN interface i needed to at a firewall rule to forward tcp 1723 and gre to the natted customer address. Once i did this is worked great! Thanks for the help everyone