Cisco Support Community

Weird situation, please help!

Hey there!

Ok here is my situation....

I set a tunnel from my location to a remote location. However, when the remote location logs into the VPN, they are able to hit the machine, however the machine can't send anything back through the tunnel. I enabled NAT-T, but still no luck. I really need help and have no idea of what to do next. PLEASE HELP!!!

Our remote location (which is logged into the VPN) can ping our site, but from our site, it can't ping back. Therefore no traffic will be coming back out. Any ideas?

1 REPLY

Re: Weird situation, please help!

Disable NAT for the subnet that's going across the tunnel.

If you have NAT enabled, it'll try to go out your public interface. If you have a NAT acl, deny your site natting to the other side:

Your side: 10.1.1.0 Theirs: 10.20.5.0

deny ip 10.1.1.0 0.0.0.255 10.20.5.0 0.0.0.255

permit ip 10.1.1.0 0.0.0.255 any

The last line allows your side to NAT anywhere else.

HTH

John

HTH, John *** Please rate all useful posts ***
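The following is an added example, not part of the reply above: a small Python model of first-match ACL evaluation with Cisco wildcard masks, showing why the `deny` entry must come before the `permit` entry for tunnel traffic to skip NAT. The host addresses, the "before" and "misordered" ACLs, and all function names are constructed for illustration.

```python
from ipaddress import IPv4Address as IP

def _take(tokens):
    """Consume one address spec: 'any' or '<addr> <wildcard>'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (int(IP(tokens[0])), int(IP(tokens[1]))), tokens[2:]

def parse_ace(line):
    """Parse 'permit|deny ip <src spec> <dst spec>' into (action, src, dst)."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    src, rest = _take(rest)
    dst, rest = _take(rest)
    if rest:
        raise ValueError(f"trailing tokens in: {line!r}")
    return action, src, dst

def _match(spec, addr):
    """Wildcard mask: 1 bits are 'don't care', 0 bits must match."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (base & care)

def nat_decision(acl_lines, src, dst):
    """First matching entry wins. permit = translate, deny = leave untouched."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _match(s, src) and _match(d, dst):
            return "translate" if action == "permit" else "exempt"
    return "exempt"  # implicit deny at the end of every ACL

# The two entries from the reply, in the order given.
ACL_FIXED = [
    "deny ip 10.1.1.0 0.0.0.255 10.20.5.0 0.0.0.255",
    "permit ip 10.1.1.0 0.0.0.255 any",
]
# Constructed: a NAT ACL without the exemption (assumed starting state).
ACL_BEFORE = ["permit ip 10.1.1.0 0.0.0.255 any"]
# Constructed: same entries in the wrong order; the permit shadows the deny.
ACL_MISORDERED = list(reversed(ACL_FIXED))

if __name__ == "__main__":
    local, remote, internet = "10.1.1.10", "10.20.5.20", "198.51.100.7"
    for name, acl in [("before", ACL_BEFORE), ("fixed", ACL_FIXED),
                      ("misordered", ACL_MISORDERED)]:
        print(name, "tunnel:", nat_decision(acl, local, remote),
              "| internet:", nat_decision(acl, local, internet))
```

Traffic marked "translate" toward 10.20.5.0 leaves with a rewritten source address and so does not go back through the tunnel, which matches the one-way behaviour described in the question.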