
VPN with NAT problems

Please find attached configs.

Unable to establish a site-to-site VPN; having trouble.

Does anyone know how to solve this issue?

1 REPLY

Hi samiraa02,

You need to modify the ACL that is used for PAT: deny traffic from the local subnet to the VPN remote subnet and permit all the remaining traffic in this ACL.

According to the current configuration, all traffic from the local LAN subnet gets PATed to the WAN IP address and forwarded to the ISP, instead of the specific traffic going through the VPN.

Following are the changes required on the ASRouter_Albany router:

no access-list 1
!
access-list 100 deny ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
!
no ip nat inside source list 1 interface Dialer0 overload
!
ip nat inside source list 100 interface Dialer0 overload
!

Following are the changes required on the ASRouter_Acacia router:

no ip access-list standard NAT-PERMIT
!
ip access-list extended NAT-PERMIT
deny ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 any
!
ip nat inside source list NAT-PERMIT interface Dialer0 overload
!

If this is helpful please give a thumbs up. :-)
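As an added illustration (not part of this thread or of Cisco's code), the following Python script models how a Cisco IOS NAT ACL decides whether a flow is translated: entries are checked in order, the first match wins, `permit` means the packet is PATed to the Dialer0 address, and `deny` or no match (the implicit deny) leaves the packet untranslated so it can take the VPN path. The attached configs are not on the page, so the original Albany `access-list 1` is assumed to be `permit 192.168.16.0 0.0.0.255`, and 203.0.113.5 is a constructed sample Internet address.

```python
import ipaddress

def wildcard_match(addr: str, spec: str) -> bool:
    """Cisco-style match: spec is 'network wildcard' or 'any'.
    Wildcard bits set to 1 are don't-care bits."""
    if spec == "any":
        return True
    net, wild = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wild))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

def nat_decision(acl, src: str, dst: str) -> str:
    """Return 'PAT' if the flow would be translated by
    'ip nat inside source list <acl> interface Dialer0 overload',
    or 'exempt' if it would be left untranslated (deny / no match)."""
    for action, src_spec, dst_spec in acl:
        if wildcard_match(src, src_spec) and wildcard_match(dst, dst_spec):
            return "PAT" if action == "permit" else "exempt"
    return "exempt"  # implicit deny at the end of every ACL

# Assumed original standard ACL on Albany (not shown in the thread).
ALBANY_OLD = [("permit", "192.168.16.0 0.0.0.255", "any")]
# Extended ACL 100 exactly as given in the reply.
ALBANY_NEW = [
    ("deny",   "192.168.16.0 0.0.0.255", "192.168.15.0 0.0.0.255"),
    ("permit", "192.168.16.0 0.0.0.255", "any"),
]
# Named extended ACL NAT-PERMIT exactly as given in the reply.
ACACIA_NEW = [
    ("deny",   "192.168.15.0 0.0.0.255", "192.168.16.0 0.0.0.255"),
    ("permit", "192.168.0.0 0.0.255.255", "any"),
]

if __name__ == "__main__":
    vpn_flow = ("192.168.16.10", "192.168.15.20")   # LAN -> remote VPN LAN
    inet_flow = ("192.168.16.10", "203.0.113.5")    # LAN -> constructed Internet host
    print("Albany old, VPN flow :", nat_decision(ALBANY_OLD, *vpn_flow))   # PAT (wrong)
    print("Albany new, VPN flow :", nat_decision(ALBANY_NEW, *vpn_flow))   # exempt
    print("Albany new, Internet :", nat_decision(ALBANY_NEW, *inet_flow))  # PAT
    print("Acacia new, VPN flow :", nat_decision(ACACIA_NEW, "192.168.15.10", "192.168.16.20"))
```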
