Cisco Support Community
New Member

l2l VPN with NAT on Router

Hello together,

I have a problem with my VPN.

I have an 1811 Router and on the other side, there is a concentrator (customer).

I want to NAT the inside hosts to one public IP before the tunnel.

I have attached the config. Please have a look at the config and answer me, if the config works or if I have a problem.

Thanks a lot.


Re: l2l VPN with NAT on Router

Hi there, it looks ok except that you will most likely have a NAT problem.

You will probably end up NAT:ing all traffic, not only traffic to

In order to NAT based on destination addresses you should use route maps like this. From the top of my head:

access-list 108 permit ip any
route-map NAT-DST permit 10
 match ip address 108
ip nat inside source route-map NAT-DST pool NATPOOL overload

Something like that

New Member

Re: l2l VPN with NAT on Router

Hi there.

You have created a crypto map called Tunnel, yet applied Tunnelhp.

interface FastEthernet0
 no crypto map TUNNELHP
 crypto map TUNNEL

I'd also like more clarification on the first reply.


Re: l2l VPN with NAT on Router


Yes, the names are wrong, I forgot to mention that in my post.

What I tried to explain was that when you do destination-based NAT you should use route-maps, because it will always create an extended translation entry.

That will ensure that the packet will only get NAT'd if it matches the route-map statement, even if there is already a NAT entry for the same local IP address.

NAT with an extended ACL will work in most situations, but it could fail as it sometimes creates only a simple translation entry.
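
The route-map NAT suggested in the replies, written out as an added example that is not part of the original thread or the poster's attached config. All addresses, ACL 120, the crypto map sequence number and the inside interface Vlan1 are constructed assumptions; only the NAT and crypto-matching lines are shown, so the peer, transform set and ISAKMP settings of the existing crypto map are left out.

```cisco
! Constructed addresses (documentation ranges), not taken from the thread:
!   inside LAN         192.168.10.0/24
!   NAT (public) IP    203.0.113.10
!   customer network   198.51.100.0/24

! Single-address pool, so every inside host is hidden behind one public IP
ip nat pool NATPOOL 203.0.113.10 203.0.113.10 netmask 255.255.255.0

! NAT policy: translate only traffic from the LAN to the customer network
access-list 108 permit ip 192.168.10.0 0.0.0.255 198.51.100.0 0.0.0.255

route-map NAT-DST permit 10
 match ip address 108

ip nat inside source route-map NAT-DST pool NATPOOL overload

! On the inside-to-outside path NAT is applied before the crypto check,
! so the crypto ACL must match the translated source, not the LAN range
access-list 120 permit ip host 203.0.113.10 198.51.100.0 0.0.0.255

crypto map TUNNEL 10 ipsec-isakmp
 match address 120

interface Vlan1
 ip nat inside

interface FastEthernet0
 ip nat outside
 crypto map TUNNEL
```

After sending traffic to the customer network, `show ip nat translations` should list 203.0.113.10 as the inside global address, and `show crypto ipsec sa` should show that same address in the local ident.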