DMVPN and NAT Overload on the same physical IP Address

Unanswered Question
Jan 12th, 2009


We have configured DMVPN and NAT overload on the same physical interface. We have one interface connected to the internet and only one public IP address.

Everything works fine, but after a few days the DMVPN session terminates and will only come up again after disabling NAT on the outside interface. Then we configure the NAT on the interface again and it works for a few days.

Any ideas?



Ivan Martinon Mon, 01/12/2009 - 10:06

Hi Dirk,

When this happens, can you go ahead and check "show ip nat trans | inc 500" to see if that traffic is being forwarded back to another IP address? If this is the case, then issuing "clear ip nat trans *" will probably bring you back in business. This can be caused by 1 of 2 reasons here.

1. There is somebody behind your router that is using the Cisco VPN Client to connect to a different location using UDP port 500, which is needed for the DMVPN connection; make sure that this VPN client is not in use at that time.

2. Your router randomly starts forwarding UDP 500 back to a random host, causing the DMVPN traffic to go down. If this is the case, I would rather go ahead and open a case with TAC to have them check this issue.
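
As an added example (not part of the original thread), here is a Python version of the check described in the reply above, run over constructed `show ip nat translations` output. The function names, the sample addresses and the five-column layout are assumptions; it matches port 500 exactly, whereas `| inc 500` also returns any line that merely contains the string 500.

```python
import re

# Constructed sample of `show ip nat translations` output (documentation addresses).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 203.0.113.10:500   192.168.1.25:500   198.51.100.7:500   198.51.100.7:500
udp 203.0.113.10:4500  192.168.1.25:4500  198.51.100.7:4500  198.51.100.7:4500
tcp 203.0.113.10:5001  192.168.1.30:5001  198.51.100.80:443  198.51.100.80:443
udp 203.0.113.10:1025  192.168.1.40:500   198.51.100.9:500   198.51.100.9:500
"""

# One translation entry: protocol followed by exactly four address[:port] columns.
# The header row has more tokens and "---" static entries have no protocol word,
# so neither matches.
ENTRY = re.compile(r"^(?P<pro>\w+)\s+(?P<ig>\S+)\s+(?P<il>\S+)\s+(?P<ol>\S+)\s+(?P<og>\S+)$")


def split_endpoint(ep):
    """Split 'a.b.c.d:port' into (host, port); port is None when absent."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (ep, None)


def find_udp500_takeovers(output, public_ip, port=500):
    """Return entries where public_ip:port (inside global) maps to another host.

    Such an entry means replies arriving on the router's public address at
    UDP 500 are translated to an inside host instead of reaching the router.
    """
    hits = []
    for line in output.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["pro"].lower() != "udp":
            continue
        ig_host, ig_port = split_endpoint(m["ig"])
        il_host, _ = split_endpoint(m["il"])
        if ig_host == public_ip and ig_port == port and il_host != public_ip:
            hits.append({"inside_local": m["il"], "outside_global": m["og"]})
    return hits


if __name__ == "__main__":
    for hit in find_udp500_takeovers(SAMPLE, "203.0.113.10"):
        print("public UDP 500 is translated to", hit["inside_local"],
              "for peer", hit["outside_global"])
```

In the sample, only the first entry is reported: the 4500 and 5001 lines contain "500" without using port 500, and the last entry uses port 500 on the inside host but was translated to a different public port.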

