I have trouble with a router config that should allow the following:
A user connects into the router via an L2TP session to a virtual-template interface. There she/he gets a private IP address and should be able to connect to the internet. To allow this I want to use NAT overload.
I have succeeded in setting up the connection so far: IP address assignment is OK, and the client can even ping internal interfaces like loopback or FastEthernet. Only the NAT towards the internet does not work.
My NAT config looks like this:
interface FastEthernet0/0
 description Link to local LAN
 ip address 192.168.1.9 255.255.255.248
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Link to Internet
 ip address xx.xx.xx.x14 255.255.255.248
 ip access-group ACL-OUT2IN in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map CR-MAP-FA0-1
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/1
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 peer default ip address dhcp-pool DHCP-POOL-CLIENT-VPN2
 ppp authentication chap
!
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.x13
ip nat pool NAT-POOL1 xx.xx.xx.x15 xx.xx.xx.x15 netmask 255.255.255.248
ip nat source list ACL-CLIENT-VPN2 pool NAT-POOL1 overload
!
ip access-list standard ACL-CLIENT-VPN2
 permit 172.31.0.0 0.0.255.255
One of my questions is the role of 'ip unnumbered' on the virtual-template interface in conjunction with NAT. Does the setting of this interface influence any NAT decisions or is this rather negligible?
And the other question would be: why does it NOT work?
Thanks for any idea.