I'm having an issue I can't quite figure out. I'm setting up a Cisco 2821 on our edge to provide a site-to-site VPN to one of our clients. There is only one host that needs to connect to the client, and they require all addressing to be public, so we set up a public /30 to NAT our single host to. I set a loopback up on the 2821 inside this /30 as well. Traffic from the loopback works fine, but traffic from the NAT'd host doesn't seem to want to flow. The VPN seems to come up fine when sourcing traffic from the loopback.
I can see NAT translations (with NAT logging) correctly translating the static NAT. I can ping the router's loopback address as well as the static NAT address from the host, but I can't get to the internet at all, let alone the client VPN addresses. Packet debugging only shows me the traffic between my workstation and the router, and broadcasts.
I'm probably doing something wrong, and it's likely simple, but it's been eluding me all day. Any help would be greatly appreciated. My config is attached. (Names and IP addresses have been changed to protect the innocent...)
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(9)T7, RELEASE SOFTWARE (fc3)
- Static NAT: 172.16.173.5 -> 184.108.40.206
- Outside gateway: 220.127.116.11/27
- Host 172.16.173.5 is using 172.16.171.200 (router inside interface) as its default gateway.
router_VPN# sh debug
ICMP packet debugging is on
IP packet debugging is on (detailed) for access list 101
IP NAT debugging is on
sh log output (pings to google and yahoo from the host in question):
Aug 24 14:34:44: NAT*: s=172.16.173.5->18.104.22.168, d=22.214.171.124 
Aug 24 14:34:47: NAT*: s=172.16.173.5->126.96.36.199, d=188.8.131.52 
Aug 24 14:34:53: NAT*: s=172.16.173.5->184.108.40.206, d=220.127.116.11 
Aug 24 14:35:05: NAT*: s=172.16.173.5->18.104.22.168, d=22.214.171.124 
Aug 24 14:35:08: NAT*: s=172.16.173.5->126.96.36.199, d=188.8.131.52 
Aug 24 14:35:14: NAT*: s=172.16.173.5->184.108.40.206, d=220.127.116.11
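The debug lines above are all outbound translations (s=inside-local->inside-global); there is no line of the form d=inside-global->inside-local, which is what a reply would produce. The following is an added example, not part of the original post or the poster's configuration, that parses IOS `debug ip nat` output and reports per host whether translations were seen in both directions and whether the observed inside-global address matches the configured static NAT. The sample lines are constructed (RFC 5737 documentation addresses, since the post's addresses were anonymized), and the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample of IOS "debug ip nat" output. "NAT*" means the packet was
# fast-switched. Outbound lines translate the source (s=local->global);
# inbound lines translate the destination (d=global->local).
SAMPLE_DEBUG = """\
Aug 24 14:34:44: NAT*: s=172.16.173.5->198.51.100.2, d=203.0.113.10
Aug 24 14:34:47: NAT*: s=172.16.173.5->198.51.100.2, d=203.0.113.20
Aug 24 14:34:53: NAT*: s=172.16.173.5->198.51.100.2, d=203.0.113.10
Aug 24 14:35:01: NAT*: s=172.16.173.9->198.51.100.3, d=203.0.113.10
Aug 24 14:35:01: NAT*: s=203.0.113.10, d=198.51.100.3->172.16.173.9
""".splitlines()

# Timestamp and sequence prefixes vary between IOS builds, so only the NAT
# portion of the line is matched; either side may carry a "->" translation.
NAT_LINE = re.compile(
    r"NAT(?P<fast>\*?): s=(?P<src>[\d.]+)(?:->(?P<src_xlat>[\d.]+))?,"
    r" d=(?P<dst>[\d.]+)(?:->(?P<dst_xlat>[\d.]+))?"
)


def parse_nat_debug(lines):
    """Return one record per NAT debug line; non-matching lines are skipped."""
    records = []
    for line in lines:
        m = NAT_LINE.search(line)
        if not m:
            continue
        r = m.groupdict()
        # Work out which inside host this translation belongs to.
        if r["src_xlat"]:
            r["direction"], r["local"], r["global"] = "out", r["src"], r["src_xlat"]
        elif r["dst_xlat"]:
            r["direction"], r["local"], r["global"] = "in", r["dst_xlat"], r["dst"]
        else:
            continue  # neither side translated: not a NAT event we can attribute
        records.append(r)
    return records


def summarize(records):
    """Per inside-local host: inside-global addresses seen and packet counts per direction."""
    summary = defaultdict(lambda: {"globals": set(), "out": 0, "in": 0})
    for r in records:
        entry = summary[r["local"]]
        entry["globals"].add(r["global"])
        entry[r["direction"]] += 1
    return dict(summary)


def find_one_way(records):
    """Hosts whose traffic is translated outbound but for which no reply was ever translated back."""
    summary = summarize(records)
    return sorted(h for h, e in summary.items() if e["out"] > 0 and e["in"] == 0)


def check_static_mapping(records, inside_local, inside_global):
    """True if every translation observed for inside_local used the configured inside_global."""
    seen = {r["global"] for r in records if r["local"] == inside_local}
    return bool(seen) and seen == {inside_global}


if __name__ == "__main__":
    recs = parse_nat_debug(SAMPLE_DEBUG)
    for host, e in summarize(recs).items():
        print(f"{host}: globals={sorted(e['globals'])} out={e['out']} in={e['in']}")
    print("outbound only (no replies translated):", find_one_way(recs))
    print("static 172.16.173.5 -> 198.51.100.2 consistent:",
          check_static_mapping(recs, "172.16.173.5", "198.51.100.2"))
```

A host that shows up only in `find_one_way` tells you the router is translating what it sends but never sees a reply to translate back, so the next place to look is the path after NAT (routing, the outside ACL, or the crypto map's interaction with NATed addresses), not the translation itself.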