I would like to ask you for help resolving what I hope is a simple problem :-)
Between 2 routers (Cisco 1812 with 12.4) I made an IPsec tunnel through the Internet.
This tunnel works well. However, I have a problem with access from one router to the network on the other side of the tunnel.
It looks like this:
When I try to ping a host in subnet2 from router1, I get a timeout. When I use ping with the source option, it works.
This is a big problem for me because I have to set internal DNS servers on router1 which are inside subnet2, but I can't reach them from the router.
So please tell me how I can set the default source IP for the router to use when a connection is made through the tunnel?
When I try to ping from a host in subnet2 to router1 (internal interface), it works!!
The problems occur only when connections are initiated from the router...
My configuration is similar to this one:
no ipv6 cef
multilink bundle-name authenticated
crypto isakmp policy 10
crypto isakmp key xxxxxxxxx address xx.xx.xx.xx no-xauth
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxxx
set peer xx.xx.xx.xx
set transform-set ESP-3DES-SHA
match address 100
ip address <internet ip>
ip nat outside
crypto map SDM_CMAP_1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$
ip address <internal IP> <subnet>
ip nat inside
ip tcp adjust-mss 1452
no ip mroute-cache
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <internet gw>
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip access-list extended toInternet
remark access to the Internet
remark SDM_ACL Category=2
remark IPSec Rule
deny ip <subnet2> <subnet1>
permit ip <subnet2> any
access-list 23 permit any
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip <subnet2> <subnet1>
no cdp run
Thanks for the help.