IOS VPN router-router with NAT Overload

Aug 6th, 2008

Hi Guys,

I have configured a VPN and want to use the Internet via the same link. I can ping any public IP from the router, but I get many losses when pinging from an inside host.

I have attached my config file.

I hope you guys will help me find my configuration bug.

lamav Wed, 08/06/2008 - 16:10

Your configuration looks perfect to me.

You are implementing a split tunnel. IPSec tunnel traffic sourced from vlan 1 and destined for the 3 subnets in your ACL does not get NATed, but Internet traffic does.

The crypto policy looks typical.

You rely on a recursive lookup to find the route to the IPSec peer.

The NATing looks typical, too.

Am I missing anything?

Can you do a "sho ip nat trans*" and run a PING test to an Internet host and source the vlan and post the results?

Is tunnel traffic OK?
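
The split-tunnel arrangement described in the reply above, as an added IOS configuration fragment that is not the poster's attached config: every address, ACL name, interface name and crypto map name here is a constructed assumption, and the ISAKMP policy and pre-shared key are omitted.

```cisco
! Constructed example. Inside LAN on Vlan1: 192.168.10.0/24 (assumed).
! Three remote VPN subnets: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 (assumed).
!
! Crypto ACL: traffic that is encrypted and sent through the IPSec tunnel.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.1.3.0 0.0.0.255
!
! NAT ACL: "deny" means "do not translate", so tunnel traffic keeps its
! private source address; the final permit sends everything else to PAT.
! Inside-to-outside NAT is evaluated before the crypto map, so without the
! deny lines tunnel traffic would be translated and miss VPN-TRAFFIC.
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 10.1.2.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 10.1.3.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
!
! NAT overload (PAT) onto the outside interface address.
ip nat inside source list NAT-OVERLOAD interface FastEthernet4 overload
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address VPN-TRAFFIC
!
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet4
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 crypto map VPN-MAP
```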


roshan.maskey Wed, 08/06/2008 - 16:49

Thanks for the reply,

The tunnel is perfect, and has been in operation for the last 15 days with no issue.

The NAT translation works fine. I even get some ping packet replies from but just 1-5% reply; the rest are lost. I will be posting the NAT and ping replies shortly.

