Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT to internal hosts problem when connected through VPNSSL


I have configured a VPNSSL on a Cisco 877. I am trying to access a internal LAN segment from users connected to context CONS. I am doing NAT overload to interface VLAN, and I can ping the VLAN interface itself, but not internal hosts.

Here is my config for interfaces, context and NAT:

interface Virtual-Template1

description $FW_INSIDE$

ip unnumbered Vlan199

no ip redirects

no ip proxy-arp

ip nat outside

ip virtual-reassembly


interface Vlan199

ip address X.X.X.240

ip nat inside

ip virtual-reassembly


ip nat inside source route-map NAT_C interface Vlan199 overload

route-map NAT_C permit 10

access-list 10 permit log

ip local pool Pool_Cons

webvpn context cons

secondary-color white

title-color #669999

text-color black

ssl authenticate verify all



policy group policy_1

   functions svc-enabled

   svc address-pool "Pool_Cons"

   svc keep-client-installed

   svc split exclude local-lans

   svc split exclude X.X.X.201

virtual-template 1

default-group-policy policy_1

aaa authentication list ciscocp_vpn_xauth_ml_3

gateway gateway_1 domain cons

max-users 5


Any idea? Tried to configure myself and through Cisco CP, but no way to make it work.

Thanks in advance.

Everyone's tags (4)