
1811 ipsec vpn with nat

registrations
Level 1

Hello all,

This is my first post on a forum, so bear with me.

Here's my setup.

Site A:  1811 with ipsec VPN to Site B and Site C

inside 192.168.100.0 /24

Site B:  1811 with ipsec VPN to Site A

inside  192.168.10.0 /24

Site C:  1811 with ipsec VPN to Site A

inside  192.168.10.0 /24

Sites B and C do not have connectivity, nor do they need to.

Because Sites B and C have overlapping subnets I am attempting to NAT the entire inside network of Site C via a nat pool and route-map.

We are overloading for internet connectivity at each site.

The tunnel between Sites A and C becomes active only when initiated from Site C (where I am nat'ing the entire inside subnet).  I can ping and telnet from Site C to Site A successfully.

However, I cannot ping or telnet from Site A to Site C even after the tunnel is established.

I am using a NAT pool with 'match-host' and route-map in Site C.  I can see the NAT translation table in Site C shows the proper NATs but only when initiated from Site C.  The NAT table is blank when initiating the traffic from Site A.

What am I missing?

Any help is GREATLY appreciated.  I've been banging my head against this for the better part of a week.  I think I have the configuration correct according to what I've read online.

The ACLs and NO-NAT entries seem to be correct considering I do have connectivity from one side.  This seems like a NAT issue whereas the NAT is never created unless the traffic is initiated from Site C where the NAT is configured.

Please let me know if you need additional information or configs.

1 Reply

registrations
Level 1

No takers on this?  Is there information missing that might be helpful?

Static NAT works without issue, but I don't want the addresses NAT'd for all VPN connections.