Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member


I have trouble with a router config that should allow the following:

A user connects into the router via an L2TP session to a virtual-template interface. There she/he gets a private IP address and should be able to connect to the internet. To allow this I want to use NAT overload.

I have succeeded in setting up the connection so far, IP address assignment is ok, the client even can ping internal interfaces like loopback or fastEthernet. Only the NAT towards the internet does not work.

My NAT config looks like this:

interface FastEthernet0/0

description Link to local LAN

ip address

duplex auto

speed auto


interface FastEthernet0/1

description Link to Internet

ip address xx.xx.xx.x14

ip access-group ACL-OUT2IN in

no ip redirects

no ip unreachables

ip nat outside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

duplex auto

speed auto

no cdp enable

crypto map CR-MAP-FA0-1


interface Virtual-Template1

ip unnumbered FastEthernet0/1

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

peer default ip address dhcp-pool DHCP-POOL-CLIENT-VPN2

ppp authentication chap


ip route xx.xx.xx.x13

ip nat pool NAT-POOL1 xx.xx.xx.x15 xx.xx.xx.x15 netmask

ip nat source list ACL-CLIENT-VPN2 pool NAT-POOL1 overload


ip access-list standard ACL-CLIENT-VPN2


One of my questions is the role of 'ip unnumbered' on the virtual-template interface in conjunction with NAT. Does the setting of this interface influence any NAT decisions or is this rather neglecetable?

And the other question would be: why does it NOT work?

Thanks for any idea.

New Member

Re: VPDN with NAT

Found it out now.

I had to use an 'ip nat inside source list'. Even though the command created an NVI0 interface I still had to use 'ip nat inside/outside' on the interfaces to make it work.

CreatePlease to create content