
IOS VPN router-router with NAT Overload

roshan.maskey
Level 1

Hi Guys,

I have configured VPN and want to use internet via same link. I can ping any public IP from router, but can't ping (get many losses) during ping from inside host.

I have attached my config file.

I hope you guys will help me finding my configuration bug.

4 Replies

lamav
Level 8

Your configuration looks perfect to me.

You are implementing a split tunnel. IPSec tunnel traffic sourced from vlan 1 and destined for the 3 subnets in your ACL does not get NATed, but Internet traffic does.

The crypto policy looks typical.

You rely on a recursive lookup to find the route to the IPSec peer.

The NATing looks typical, too.

Am I missing anything?

Can you do a "sho ip nat trans*" and run a PING test to an Internet host and source the vlan and post the results?

Is tunnel traffic OK?

Victor

Thanks for reply,

The tunnel is perfect, and is in operation for last 15 days with no issue.

The NAT translation works fine. I even get some ping packet reply from google.com but just 1-5% reply, rest are lost. I will be posting nat and ping reply shortly.

?

I have attached the sh ip nat and ping response from the remote office branch.
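
The split-tunnel arrangement described in the first reply (tunnel traffic from VLAN 1 to three remote subnets exempt from NAT, everything else overloaded on the outside interface), sketched as an added example that is not the poster's attached configuration. Every address, interface name, ACL name, map name and the key placeholder below are assumptions made for illustration.

```cisco
! Constructed example: all addresses, names and the key are placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! Crypto ACL: inside LAN to the three remote subnets goes into the tunnel.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 10.3.0.0 0.0.0.255
!
! NAT ACL: the same three flows are denied first (exempt from NAT);
! all other traffic from the LAN is translated to the outside address.
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 10.2.0.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 10.3.0.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES
 match address VPN-TRAFFIC
!
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet4
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 crypto map VPN-MAP
!
ip nat inside source list NAT-OVERLOAD interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```

With this layout, `show ip nat translations` should list entries only for Internet-bound flows, while the three tunnel flows appear as encaps/decaps counters under `show crypto ipsec sa`.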
