I have an IPSec VPN and NAT configured. Return traffic from an internal NAT host seems to be blocked by the WAN inbound ACL. What is the proper way to allow return traffic from the Internet for this internal NAT host? Note: As a test, removing the deny entry on the WAN ACL allows return traffic.
Below is config detail and a console log entry.
encapsulation dot1Q 2
ip address 192.168.10.252 255.255.255.0
ip nat inside
ip address 207.xx.xx.02 255.255.255.240 secondary
ip address 207.xx.xx.xx 255.255.255.240
ip access-group WAN in
ip nat outside
crypto map 3377
ip nat pool Corp 207.xx.xx.02 207.xx.xx.02 netmask 255.255.255.240
ip nat inside source route-map SDM_RMAP_1 pool Corp overload
Thanks. I went with CBAC. Yes, it was more simple to configure. Traffic is now returning!
I see the VPN traffic is getting inspected (I put the CBAC on the Outside Interface - Outbound). Is there a way to skip the inspecting of VPN traffic, assuming it is using CPU cycles unnecessarily to inspect this traffic?
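The arrangement described in the post above (CBAC applied outbound on the outside interface, with the WAN ACL left in place inbound), sketched as an added example that is not part of the original thread. The inspection rule name FW, the interface name GigabitEthernet0/1 and the WAN ACL entries are assumptions, since the posted config does not show them.

```cisco
! Added example, not from the original posts.
! Assumed names: inspection rule "FW", interface GigabitEthernet0/1.
! The WAN ACL entries below are constructed; the thread does not list them.
!
! Inspection rule: CBAC tracks sessions for these protocols and opens
! temporary return entries ahead of the inbound ACL's deny.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! Inbound ACL stays restrictive: only traffic that must be initiated
! from the Internet (here the IPSec peers) is permitted statically.
ip access-list extended WAN
 permit esp any any
 permit udp any any eq isakmp
 deny   ip any any log
!
interface GigabitEthernet0/1
 ip access-group WAN in
 ! Inspect sessions as they leave toward the Internet, so replies to
 ! the NATed inside host match a dynamic entry instead of the deny.
 ip inspect FW out
 ip nat outside
!
! Verification from exec mode:
!   show ip inspect sessions     (active sessions being tracked)
!   show ip access-lists WAN     (hit counters, including the deny)
```

With this in place the deny entry can remain in the WAN ACL; hits that still appear on it are for traffic that did not originate from an inspected inside session.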