IOS Remote Access VPN Hairpinning

Mar 24th, 2010
Hi,


I would like to access external resources (Internet) from the VPN client through the IOS VPN gateway. When I do 'deb ip cef pack di0 out rate 10', I see packets going from the Dialer0 interface to the Dialer0 interface which is correct:

Mar 24 05:47:11.589: CEF-Debug: Packet from 192.168.177.84 (Di0) to 62.159.x.y (Di0)

The connection is currently failing. The private IP here is the one of the RA VPN client. It's a NAT issue I suppose. Can I define an ip nat inside interface for the VPN clients somehow? Or am I totally wrong with that assumption?

The VPN gateway is an 871 router.



Thanks,

Peter

Jennifer Halim (Cisco Employee) Wed, 03/24/2010 - 04:55

1) Use virtual-template and configure "ip nat inside" in the virtual-template.

2) Assign the virtual-template to isakmp profile.

3) Assign tunnel protection to the virtual template.


Here is a sample configuration on DVTI:

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd803645b5.html


Hope that helps.
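
The three steps above as one IOS configuration sketch. This is an added example, not taken from the thread or from the linked white paper. All names (RA-GROUP, RA-PROF, RA-IPSEC, RA-TS, RA-POOL, RA-NAT, RA-AUTHEN, RA-AUTHOR), the Loopback0 address, the pool range and the crypto parameters are assumptions; only Dialer0 and the 192.168.177.x client addressing come from the question, and local user accounts for Xauth are assumed to exist.

```cisco
! Constructed example: placeholder names and addresses, adjust before use.
! AAA method lists referenced by the ISAKMP profile (local database assumed)
aaa new-model
aaa authentication login RA-AUTHEN local
aaa authorization network RA-AUTHOR local
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
! No split-tunnel "acl" in the group, so clients send all traffic into the tunnel
crypto isakmp client configuration group RA-GROUP
 key <group-pre-shared-key>
 pool RA-POOL
!
! Step 2: bind the virtual template to the ISAKMP profile
crypto isakmp profile RA-PROF
 match identity group RA-GROUP
 client authentication list RA-AUTHEN
 isakmp authorization list RA-AUTHOR
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set RA-TS esp-aes esp-sha-hmac
!
crypto ipsec profile RA-IPSEC
 set transform-set RA-TS
 set isakmp-profile RA-PROF
!
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
! Steps 1 and 3: NAT inside plus tunnel protection on the template
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip nat inside
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile RA-IPSEC
!
interface Dialer0
 ip nat outside
!
ip local pool RA-POOL 192.168.177.80 192.168.177.90
!
ip access-list extended RA-NAT
 permit ip 192.168.177.0 0.0.0.255 any
!
ip nat inside source list RA-NAT interface Dialer0 overload
```

With a client connected, `show crypto session` should list a Virtual-Access interface cloned from the template, and `show ip nat translations` should show the client's pool address translated to the Dialer0 address. Keep the NAT access list limited to the VPN pool so that only client traffic is translated on the way out.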
