Setup:
clients --- fa0/1 R1 fa0/0 ---ipsec--- fa0/0 R2 --- loopback
R1 fa0/1: 10.30.50.254
R1 fa0/0: 10.10.10.1
R2 fa0/0: 10.10.10.2
R2 Loop0: 10.10.20.171
I have a lab setup to help me learn about setting up IPSec tunnels, and I can get the tunnel up and running with packets passing back and forth; however, when I assign an ACL to the inside interface, traffic no longer passes.
A bit more information:
I have noticed that although the inbound ACL seems to kill the connection, I can issue 'sh ip nat trans' and still see translations being made.
Here is my relevant config on R1:
####################
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key *** address 10.10.10.2
!
!
crypto ipsec transform-set esp-3des esp-3des
!
crypto map VPN_crypto 10 ipsec-isakmp
 set peer 10.10.10.2
 set transform-set esp-3des
 match address VPN_Traffic
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.252
 ip nat outside
 crypto map VPN_crypto
!
interface FastEthernet0/1
 ip address 10.30.50.254 255.255.255.0
 ip nat inside
ip nat inside source list VPN_NAT interface FastEthernet0/0 overload
!
ip access-list extended VPN_NAT
 permit tcp any host 10.10.20.171 eq www
 permit tcp any host 10.10.20.171 eq 443
 permit ip host 10.30.50.124 host 10.10.20.171
ip access-list extended VPN_Traffic
 permit ip any host 10.10.20.171
ip access-list extended Inside_Allowed
 permit ip 10.25.25.0 0.0.0.255 host 10.30.50.254
 permit ip host 10.30.50.124 any
 permit ip any host 10.10.20.171
####################
Thank you for any advice and assistance in advance.
Richard
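As an added example (not part of Richard's post or his router config), the following Python evaluates the three ACLs from the post against a few constructed client packets, using the standard IOS extended-ACL semantics: entries are checked top down, the first match wins, a wildcard mask bit of 1 means "don't care", and every ACL ends with an implicit deny. The packet addresses and ports are constructed for illustration; the ACL entries are copied from the post. It is a way to check, entry by entry, which list each kind of client flow actually hits.

```python
"""Cisco-style extended ACL evaluator (added example, not from the post).

Semantics assumed (standard IOS): entries are evaluated in order, the first
match decides, and the list ends with an implicit "deny ip any any".
A wildcard mask is the inverse of a subnet mask: a 1 bit means "don't care".
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


def _ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Match:
    network: int
    wildcard: int

    def covers(self, addr: str) -> bool:
        # Bits set in the wildcard are ignored; the rest must equal the network.
        care = ~self.wildcard & 0xFFFFFFFF
        return (_ip_int(addr) & care) == (self.network & care)


ANY = Match(0, 0xFFFFFFFF)


def host(addr: str) -> Match:
    return Match(_ip_int(addr), 0)


def wild(net: str, wildcard: str) -> Match:
    return Match(_ip_int(net), _ip_int(wildcard))


@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: Match
    dst: Match
    dport: Optional[int] = None  # "eq <port>" on the destination; None = any

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not self.src.covers(pkt["src"]) or not self.dst.covers(pkt["dst"]):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


def evaluate(acl, pkt: dict):
    """Return (action, index of the matching entry); index None = implicit deny."""
    for i, entry in enumerate(acl):
        if entry.matches(pkt):
            return entry.action, i
    return "deny", None


# The three ACLs exactly as posted (www = tcp/80).
LOOP = host("10.10.20.171")
VPN_NAT = [
    Entry("permit", "tcp", ANY, LOOP, 80),
    Entry("permit", "tcp", ANY, LOOP, 443),
    Entry("permit", "ip", host("10.30.50.124"), LOOP),
]
VPN_TRAFFIC = [Entry("permit", "ip", ANY, LOOP)]
INSIDE_ALLOWED = [
    Entry("permit", "ip", wild("10.25.25.0", "0.0.0.255"), host("10.30.50.254")),
    Entry("permit", "ip", host("10.30.50.124"), ANY),
    Entry("permit", "ip", ANY, LOOP),
]
ACLS = {"VPN_NAT": VPN_NAT, "VPN_Traffic": VPN_TRAFFIC, "Inside_Allowed": INSIDE_ALLOWED}


def classify(pkt: dict) -> dict:
    """Evaluate one packet against every posted ACL."""
    return {name: evaluate(acl, pkt) for name, acl in ACLS.items()}


# Constructed sample flows from the 10.30.50.0/24 client side.
SAMPLES = {
    "client web to loopback": {"src": "10.30.50.10", "dst": "10.10.20.171", "proto": "tcp", "dport": 80},
    "client ssh to loopback": {"src": "10.30.50.10", "dst": "10.10.20.171", "proto": "tcp", "dport": 22},
    "admin host ssh to loopback": {"src": "10.30.50.124", "dst": "10.10.20.171", "proto": "tcp", "dport": 22},
    "client ping to R1 inside": {"src": "10.30.50.10", "dst": "10.30.50.254", "proto": "icmp"},
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, classify(pkt))
```

The posted excerpt does not show the `ip access-group` line that binds Inside_Allowed to an interface, so the script evaluates each list on its own rather than modelling where it is applied. Running it shows, for instance, that a non-web client flow to 10.10.20.171 matches VPN_Traffic (so it is selected for the tunnel) but falls through to the implicit deny of VPN_NAT (so it is not translated), which is the kind of per-list result worth comparing against what 'sh ip nat trans' reports.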