Cisco Support Community

Easy VPN Remote NAT Behavior

Hello,

Looking for some clarification on how the Easy VPN hardware client (3725 router) behaves when connecting to a server using the dynamic VTI feature. In my lab, the tunnel is up and working fine using a split tunnel ACL pushed from the server. However, all other traffic (going towards the internet) is getting NAT translated automatically to the outside interface IP address, and there doesn't seem to be a way to shut that feature off. Is there a way to configure the non-tunnel traffic to get routed to the internet without being translated? Keep in mind this is a lab config, which is why I am attempting to route private IPs out into public IP space.

Thanks

client config:

crypto ipsec client ezvpn EZVPN_CLIENT
 connect auto
 group GROUP1 key CISCO
 mode network-extension
 peer 1.1.91.1
 acl TUNNEL_MAP
 virtual-interface 10
 username CISCO_USER password CISCO_PASS
 xauth userid mode local

crypto ipsec client ezvpn EZVPN_CLIENT
crypto ipsec client ezvpn EZVPN_CLIENT inside

Extended IP access list TUNNEL_MAP
    10 permit ip 10.1.0.0 0.0.255.255 172.16.0.0 0.0.255.255

interface Virtual-Template10 type tunnel
 no ip address
 tunnel mode ipsec ipv4

interface FastEthernet0/0
 ip address 1.1.76.6 255.255.255.0
 crypto ipsec client ezvpn EZVPN_CLIENT outside

interface FastEthernet0/1
 ip address 10.1.63.6 255.255.255.0
 crypto ipsec client ezvpn EZVPN_CLIENT inside

R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 5 subnets
C       1.1.76.0 is directly connected, FastEthernet0/0
R       1.1.80.0 [120/2] via 1.1.76.7, 00:00:11, FastEthernet0/0
R       1.1.87.0 [120/1] via 1.1.76.7, 00:00:11, FastEthernet0/0
R       1.1.91.0 [120/3] via 1.1.76.7, 00:00:11, FastEthernet0/0
R       1.1.98.0 [120/2] via 1.1.76.7, 00:00:11, FastEthernet0/0
S    172.16.0.0/16 [1/0] via 0.0.0.0, Virtual-Access2
     10.0.0.0/24 is subnetted, 2 subnets
D       10.1.30.0 [90/409600] via 10.1.63.3, 01:28:06, FastEthernet0/1
C       10.1.63.0 is directly connected, FastEthernet0/1
R6#
