Cisco Support Community

Multiple Public IPs NAT site-to-site Tunnel

I think I'm missing something here. I've got 2 IOS routers, a 2811 (main) and a 1841 (remote), with an IPsec tunnel between the 2. Everything was OK until I added 2 public IPs to the router at the Main Branch, with a static NAT entry for each to 2 private servers. The tunnel is still up and passing traffic from everything except the 2 servers with NAT entries. A traceroute from these servers shows traffic destined for the remote network headed out to the internet instead of over the tunnel. I think I forgot to add an entry on an ACL, but I'm not sure. Any thoughts?


Re: Multiple Public IPs NAT site-to-site Tunnel

The NAT process occurs before the crypto process. This is why you have to have a "no-NAT" ACL on routers, or a nat (interface) 0 on PIX and ASA. For the traffic that needs to flow across the tunnel, deny the specifics in your NAT ACL first, and then make sure you have an encrypt ACL to permit it.

Hope this helps.
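The ordering described in the reply (NAT first, then the crypto map), worked into a Main-router configuration as an added example; this is not the poster's configuration or Cisco's, and every address, interface name, ACL and map name, and the pre-shared key placeholder are assumptions. It also goes one step beyond the reply: a deny entry in the dynamic NAT ACL exempts only the overload translation, so the two static entries are made conditional with a route-map that references the same deny-first ACL, otherwise those two servers keep being translated and routed toward the internet.

```cisco
! Constructed example for the "Main" 2811. Assumed addressing (RFC 5737 ranges):
!   Main LAN 10.1.1.0/24, remote LAN 10.2.2.0/24, remote peer 198.51.100.1,
!   Main WAN 203.0.113.1/29, published servers 10.1.1.10 -> 203.0.113.2
!   and 10.1.1.11 -> 203.0.113.3.
!
! 1. Crypto ACL: the traffic that must be encrypted (site-to-site LAN traffic).
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! 2. NAT ACL: deny the tunnel traffic FIRST, then permit everything else.
!    Because NAT runs before the crypto map, anything translated here would
!    never match VPN-TRAFFIC (its source would already be a public address).
ip access-list extended NAT-TRAFFIC
 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 any
!
! 3. Route-map that makes the static translations conditional: a packet is
!    only translated when it matches NAT-TRAFFIC, so LAN-to-remote traffic
!    from the two servers is left untranslated and reaches the crypto map.
route-map NONAT-STATIC permit 10
 match ip address NAT-TRAFFIC
!
! 4. One-to-one static entries for the two published servers, tied to the
!    route-map. "reversible" keeps inbound-initiated sessions working when a
!    route-map is attached (assumed supported by the running IOS release).
ip nat inside source static 10.1.1.10 203.0.113.2 route-map NONAT-STATIC reversible
ip nat inside source static 10.1.1.11 203.0.113.3 route-map NONAT-STATIC reversible
!
! 5. Overload (PAT) for the rest of the LAN, using the same deny-first ACL.
ip nat inside source list NAT-TRAFFIC interface FastEthernet0/0 overload
!
! 6. IKE / IPsec, then the crypto map that references the crypto ACL.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-REAL-PSK address 198.51.100.1
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address VPN-TRAFFIC
!
interface FastEthernet0/0
 description Internet
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
 crypto map VPN-MAP
!
interface FastEthernet0/1
 description Main LAN
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
```

To confirm the fix, generate traffic from one of the servers to the remote LAN and check that `show ip nat translations` shows no entry with 10.2.2.x as the destination, while the `#pkts encaps` counter in `show crypto ipsec sa` increases; a traceroute from the server should then go to the remote LAN rather than to the ISP next hop.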
