Cisco Support Community
NAT to internal hosts problem when connected through VPNSSL

Hello,

I have configured a VPNSSL on a Cisco 877. I am trying to access an internal LAN segment from users connected to context CONS. I am doing NAT overload to interface VLAN, and I can ping the VLAN interface itself, but not internal hosts.

Here is my config for interfaces, context and NAT:

interface Virtual-Template1
 description $FW_INSIDE$
 ip unnumbered Vlan199
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
end

interface Vlan199
 ip address X.X.X.240 255.255.255.0
 ip nat inside
 ip virtual-reassembly
end

ip nat inside source route-map NAT_C interface Vlan199 overload

route-map NAT_C permit 10

access-list 10 permit 192.168.63.0 0.0.0.255 log

ip local pool Pool_Cons 192.168.63.1 192.168.63.10

webvpn context cons
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "Pool_Cons"
   svc keep-client-installed
   svc split exclude local-lans
   svc split exclude X.X.X.201 255.255.255.255
 virtual-template 1
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_3
 gateway gateway_1 domain cons
 max-users 5
 inservice

Any idea? Tried to configure myself and through Cisco CP, but no way to make it work.

Thanks in advance.
