Your side looks ok at first glance; take a read of the following document - I've used it in the past to sort out a similar issue - hope it helps.

Please rate posts if it helps!

Thanks for the info. So you think my side looks ok? Strange that it works in my lab Cisco to Cisco.

Brandon

I have not done the combination of VPN and static NAT that you are doing. From your comment am I correct in assuming that you have this set up in your lab and it is working correctly to translate and to protect with IPSec VPN?

I also wonder a little about your comment that the config that you posted is from a lab router that is very much like the production environment. It might be good to think carefully about what things are not exactly the same and whether any of these differences might be affecting things.

On the production router where it is not working are you getting hits on the ACL that identifies traffic for VPN (in the lab it is ACL 100)?

It might be helpful if you could post the output of show crypto map and the output of show crypto ipsec sa.

HTH

Rick

Rick,

Thanks for your reply. I just found what the issue was. I had to add my static route and am now getting encaps and decaps.

Brandon

I am glad that you have figured out what the issue was. Frequently it is the small things (like the static route - which seems un-important when you are addressing complex things like IPSec) that turn out to be the problem.

Congratulations on getting it working.

HTH

Rick

Rick,

The static nat with IPSec/VPN's works really well. It is only available with a fairly recent IOS version. I really comes in handy when you have an internal host that is accessed over several VPN's and you are nating on one of those VPN's and not the others.