IOS Remote Access VPN Hairpinning

Unanswered Question
Mar 24th, 2010
User Badges:


I would like to access external resources (Internet) from the VPN client through the IOS VPN gateway. When I do 'deb ip cef pack di0 out rate 10', I see packets going from the Dialer0 interface to the Dialer0 interface which is correct:

Mar 24 05:47:11.589: CEF-Debug: Packet from (Di0) to 62.159.x.y (Di0)

The connection is currently failing. The private IP here is the one of the RA VPN client. It's a NAT issue I suppose. Can I define an ip nat inside interface for the VPN clients somehow? Or am I totally wrong with that assumption?

The VPN gateway is a 871 router.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jennifer Halim Wed, 03/24/2010 - 04:55
User Badges:
  • Cisco Employee,

1) use virtual-template and configure "ip nat inside" in the virtual-template.

2) assign the virtual-template to isakmp profile

3) assign tunnel protection to the virtual template

Here is a sample configuration on DVTI:

Hope that helps.


This Discussion

Related Content