cisco 881, nat and tunnel

ALTARRCBANK · ‎10-07-2014

Hello!
I ask your advices!
I have Cisco 881, which is connected to the Internet.
There is a VPN-tunnel on it to a host.
command "Ping" from 881 to this host is working. But from the PC behind the cisco is not going.
I see the Internet, but not the host.

That is my config:

version 15.2
!
interface Tunnel0
description --=VPN=--
ip address 10.0.0.11 255.255.255.252
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination 123.345.67.89
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet4
description WAN
ip address 12.12.12.20 255.255.255.248
duplex auto
speed auto
ip nat outside
!
interface Vlan2
ip address 192.168.0.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 12.12.12.2
ip route 192.168.100.0 255.255.255.0 10.0.0.10
!
ip access-list extended NAT
permit ip 12.12.12.0 0.0.0.255 any
!

Thanks beforehands!

ghostinthenet · ‎10-08-2014

Everything looks good here, but the symptoms sound like the remote end is missing a return route for traffic. You should have something like this on the other router:

ip route 192.168.0.0 255.255.255.0 10.0.0.11

Can you verify that this route is present?

michael o'nan · ‎10-08-2014

Does your tunnel show up up on show ip interface brief?