×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

cisco 881, nat and tunnel

Unanswered Question
Oct 7th, 2014
User Badges:

Hello!
I ask your advices! 

I have Cisco 881, which is connected to the Internet. 
There is a VPN-tunnel on it to a host. 
command "Ping" from 881 to this host is working. But from the PC behind the cisco is not going.
I see the Internet, but not the host.

 

That is my config:

version 15.2
!
interface Tunnel0
description --=VPN=--
ip address 10.0.0.11 255.255.255.252
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination 123.345.67.89
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet4
description WAN
ip address 12.12.12.20 255.255.255.248
duplex auto
speed auto
ip nat outside
!
interface Vlan2
ip address 192.168.0.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 12.12.12.2
ip route 192.168.100.0 255.255.255.0 10.0.0.10
!
ip access-list extended NAT
permit ip 12.12.12.0 0.0.0.255 any
!

Thanks beforehands!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jody Lemoine Wed, 10/08/2014 - 07:43
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Member's Choice, April 2016

Everything looks good here, but the symptoms sound like the remote end is missing a return route for traffic. You should have something like this on the other router:

ip route 192.168.0.0 255.255.255.0 10.0.0.11

Can you verify that this route is present?

michael o'nan Wed, 10/08/2014 - 10:15
User Badges:
  • Silver, 250 points or more

Does your tunnel show up up on show ip interface brief?

Actions

This Discussion

Related Content