C876 IPSEC VPN with third party router (Draytek Vigor)
I have a successful IPsec LAN-to-LAN VPN between a Cisco (local) and a Draytek (remote) router. I can pass data between the two LANs without problems, but... here my problem starts. I would like to access certain Internet IPs from the remote side through the local Internet connection, but that does not work; it seems that the Cisco doesn't process the packets from the remote side to the Internet.
Does somebody have a scenario like this or similar and can help me?
Re: C876 IPSEC VPN with third party router (Draytek Vigor)
Do you know if those public addresses are physically assigned to the devices you want to reach? Typically those IP addresses are only assigned via a one-to-one NAT (from the Cisco's perspective), so if you send them via the tunnel and the remote end does not really have those IPs on its side, it will fail to connect. How are you defining your crypto maps? Have you included those public addresses in the match address?
! NAT ACL: exempt LAN-to-LAN traffic and the public host reached through the tunnel, overload the rest
access-list 103 deny ip 10.0.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 103 deny ip 10.0.0.0 0.0.255.255 host 22.214.171.124
access-list 103 permit ip 10.0.0.0 0.0.255.255 any
! ACL used as the crypto map match address (remote LAN 10.0.1.0/24 to the local LAN and to the public host)
access-list 110 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 permit ip 10.0.1.0 0.0.0.255 host 126.96.36.199
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! LAN interface (interface name not included in the post)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 103 interface Dialer1 overload
Then, when I ping from a host behind router B (10.0.1.2) to the IP 188.8.131.52, this packet flows via the IPsec tunnel and goes out to the Internet through router A, but NAT doesn't work. I can see the packet on the WAN side with the private IP of the original host instead of the overloaded Dialer1 address.
I think this occurs because my Dialer1 is an outside interface and traffic from router B arrives via this one and goes out to the Internet again through Dialer1 without passing through a NAT inside interface.
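The situation described in the post above (packets decrypted on the outside interface and sent straight back out of it never cross an "ip nat inside" interface, so the overload translation is never applied) is usually handled on IOS by policy-routing the decrypted remote-LAN traffic through a loopback that is marked as NAT inside. The following is an added example, not configuration from the thread; it keeps the post's addressing (LAN A 10.0.0.0/24 behind the Cisco, LAN B 10.0.1.0/24 behind the Draytek, Dialer1 as the outside interface, NAT ACL 103), and the interface Loopback0, the 192.168.255.0/30 addressing, ACL 150 and the route-map name VPN-TO-INET are assumed names chosen for the illustration.

```cisco
! Added example (not from the thread): hairpin NAT for traffic that is decrypted on
! Dialer1 and must leave again via Dialer1.
! Loopback0, 192.168.255.0/30, ACL 150 and route-map VPN-TO-INET are assumed names.
!
! A loopback marked as NAT inside; its only job is to make the decrypted packets
! re-enter the router from an inside interface.
interface Loopback0
 ip address 192.168.255.1 255.255.255.252
 ip nat inside
!
! Only remote-LAN traffic bound for the Internet is hairpinned; LAN-to-LAN traffic
! between 10.0.1.0/24 and 10.0.0.0/24 is excluded so it is not looped.
access-list 150 deny   ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 150 permit ip 10.0.1.0 0.0.0.255 any
!
! The next hop is the unused address of the loopback /30: the packet is sent out
! Loopback0, comes back in as "nat inside" traffic, and is then routed by the
! normal routing table (default route) to Dialer1, where the overload applies.
route-map VPN-TO-INET permit 10
 match ip address 150
 set ip next-hop 192.168.255.2
!
! The outside interface keeps its crypto map and NAT role; the policy route-map
! is applied here because decrypted packets are processed as input on Dialer1.
interface Dialer1
 ip nat outside
 ip policy route-map VPN-TO-INET
!
! The existing NAT ACL 103 already matches 10.0.1.0/24 (it lies inside the
! 10.0.0.0 0.0.255.255 wildcard) and still exempts LAN-to-LAN traffic, so the
! existing "ip nat inside source list 103 interface Dialer1 overload" is unchanged.
```

Two things to check after applying it: the crypto ACL on both ends must still select the remote-LAN-to-Internet traffic (on the Cisco side that is the public-host entry in ACL 110 in the post, or a broader "10.0.1.0/24 to any" entry if every Internet destination should go through the tunnel, in which case the Draytek must route that traffic into the tunnel as well), and "show ip nat translations" should now show entries with 10.0.1.2 as the inside local address while "debug ip policy" confirms the route-map is matching the decrypted packets. Return traffic works without extra configuration: the reply hits the existing translation on Dialer1, is translated back to 10.0.1.x, and is routed via the default route to Dialer1, where the crypto map encrypts it towards the Draytek.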