Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

L2L IPsec VPN with Policy NAT

Hello All,

I am having some issue with L2L IPsec with policy nat. I can not ping any host on both side of the tunnel. Tunnel is establish with no problem but there is no traffic going through. If I take off the policy nat, everything works fine. How can I make it work with policy nat. I've attached the configuration for both asa. Attachment file name - bothASAconfig.txt.

Please help!

Thanks,

1 REPLY
Green

Re: L2L IPsec VPN with Policy NAT

When you add the policy nat you need to remove the nat exemption. Nat exemption always happens first, so as long as it's there, your policy nat won't happen.

no access-list inside_nat_exempt extended permit ip 10.1.0.0 255.255.255.0 10.198.0.0 255.255.255.0

509
Views
5
Helpful
1
Replies