Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Problems with IPSec and static NAT

I have an IPSec tunnel up and running between two IOS-routers, and it works except for one host. I have a static NAT entry for this host so it can be addressed from the outside, but then the "internal" traffic wont go through the tunnel. How can I set this up so the traffic from this host not will be NAT:ed when it should go through the tunnel?

New Member

Re: Problems with IPSec and static NAT

You need to setup the access-list for the crypto map to only allow the specific protocols needed to go LAN to LAN. Remember, data is always NAT'd first, so you need to deny the traffic you need encrypted in your NAT ACL, then permit it in your crypto ACL.

New Member

Re: Problems with IPSec and static NAT

You need to establish an access-list that bypasses NAT for specific source or destination networks. Notice the use of a route-map with a network access-list that bypasses NAT.


CreatePlease to create content