I have trouble with a router config that should allow the following:

A user connects into the router via an L2TP session to a virtual-template interface. There she/he gets a private IP address and should be able to connect to the internet. To allow this I want to use NAT overload.

I have succeeded in setting up the connection so far, IP address assignment is ok, the client even can ping internal interfaces like loopback or fastEthernet. Only the NAT towards the internet does not work.

My NAT config looks like this:

interface FastEthernet0/0

description Link to local LAN

ip address 192.168.1.9 255.255.255.248

duplex auto

speed auto

!

interface FastEthernet0/1

description Link to Internet

ip address xx.xx.xx.x14 255.255.255.248

ip access-group ACL-OUT2IN in

no ip redirects

no ip unreachables

ip nat outside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

duplex auto

speed auto

no cdp enable

crypto map CR-MAP-FA0-1

!

interface Virtual-Template1

ip unnumbered FastEthernet0/1

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

peer default ip address dhcp-pool DHCP-POOL-CLIENT-VPN2

ppp authentication chap

!

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.x13

ip nat pool NAT-POOL1 xx.xx.xx.x15 xx.xx.xx.x15 netmask 255.255.255.248

ip nat source list ACL-CLIENT-VPN2 pool NAT-POOL1 overload

!

ip access-list standard ACL-CLIENT-VPN2

permit 172.31.0.0 0.0.255.255

One of my questions is the role of 'ip unnumbered' on the virtual-template interface in conjunction with NAT. Does the setting of this interface influence any NAT decisions or is this rather neglecetable?

And the other question would be: why does it NOT work?

Thanks for any idea.