Hi,

I've just setup a (static) site-to-site IPsec vpn between to ios routers. It works fine for traffic sent to those routers.

Traffic generated by the routers (ie ping or dns requests) goes into the tunnel with the IP address of the outside interface:

Extract of the config:

interface FastEthernet 0

ip address 172.16.1.0 255.255.255.0

ip nat inside

...

interface Dialer 0

ip nat outside

...

crypto map vpn

...

crypto map vpn

set peer 213.XX.XX.XX

set transform-set ESP-3DES-SHA1

match address 124

...

access-list 124 permit ip 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.255

access-list 102 deny ip 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.255

access-list 102 permit ip 172.16.1.0 0.0.0.255 any

...

ip nat inside source route-map rmap interface Dialer0 overload

...

route-map rmap permit 1

match ip address 102

And now, to the evidence, pinging from routerB to a host "behind" routerA, gives the following debug message:

000720: *Mar 5 16:12:27.586 PST: IP: tableid=0, s=75.XX.XX.XX

(local), d=172.16.10.170 (Dialer0), routed via RIB

000721: *Mar 5 16:12:27.586 PST: IP: s=75.XX.XX.XX (local),

d=172.16.10.170 (Dialer0), len 100, sending.

75.XX.XX.XX is the ip address of the outside interface (Dialer0) as given by the ISP.

Any idea how to send router traffic with the 172.16.1.1 ip address ?

This is important as otherwise it isn't possible to use split dns (as in http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00806bd780.html)

Thanks,

Regards,

Brice