I am assisting a client with their VPN setup, and just want to know if it's possible to apply a crypto map on the inside interface.
I have tried; however, I am unable to ping anything inside the private network.
The inside network is as follows:
ip address xxx.xxx.xxx.xxx 255.255.255.192 secondary
ip address yyy.yyy.yyy.yyy 255.255.255.248
ip nat inside
crypto map VPNMap
xxx - the internal 'private' network
yyy - Internet reachable IP address
To even ping from my network, I had to create a static route to the vlan1 interface, so as to trigger the encryption process.
I also have the following:
ip nat inside source route-map nonat pool in-net overload
Where in-net is doing PAT for internal hosts wanting to connect to the Internet.
When I ping from my network to the xxx (vlan1 secondary IP address), it works OK; however, when I try to ping anything inside the private xxx network, I get 50% packet loss (reply - no reply - reply etc).
I am wondering if what I am doing can actually work, or does a crypto map have to be applied to an 'nat outside' interface only?