IOS VPN router-router with NAT Overload

Aug 6th, 2008

Hi Guys,


I have configured a VPN and want to use the Internet via the same link. I can ping any public IP from the router, but can't ping (I get many losses) from an inside host.


I have attached my config file.


I hope you guys will help me find my configuration bug.






lamav Wed, 08/06/2008 - 16:10

Your configuration looks perfect to me.


You are implementing a split tunnel. IPSec tunnel traffic sourced from vlan 1 and destined for the 3 subnets in your ACL does not get NATed, but Internet traffic does.


The crypto policy looks typical.


You rely on a recursive lookup to find the route to the IPSec peer.


The NATing looks typical, too.


Am I missing anything?


Can you do a "sho ip nat trans*" and run a PING test to an Internet host and source the vlan and post the results?


Is tunnel traffic OK?


Victor

roshan.maskey Wed, 08/06/2008 - 16:49

Thanks for the reply,


The tunnel is perfect, and has been in operation for the last 15 days with no issues.


The NAT translation works fine. I even get some ping replies from google.com, but just 1-5% reply; the rest are lost. I will be posting the NAT and ping replies shortly.

