
VPN with NAT problems

Please find attached configs.

Unable to establish a site-to-site VPN, having trouble.

Does anyone know how to solve this issue?


Hi samiraa02,

You need to modify the ACL that is used for PAT, in which you have to deny traffic from the local subnet to the VPN remote subnet and permit all the remaining traffic.

According to the current configuration, all traffic from the local LAN subnet gets PATed to the WAN IP address and is forwarded to the ISP, instead of the specific traffic going through the VPN.

Following are the changes required on the ASRouter_Albany router:

no access-list 1
access-list 100 deny ip
access-list 100 permit ip any
no ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 100 interface Dialer0 overload

Following are the changes required on the ASRouter_Acacia router:

no ip access-list standard NAT-PERMIT
ip access-list extended NAT-PERMIT
deny ip
permit ip any
ip nat inside source list NAT-PERMIT interface Dialer0 overload

If this is helpful please give a thumbs up. :-)
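
As an added example (not part of the original post or the attached configs), this Python check finds the ACL referenced by `ip nat inside source list ... overload` and reports whether site-to-site traffic would still be translated before it reaches the tunnel. The 192.168.1.0/24 and 192.168.2.0/24 subnets, the sample configs and the function names are assumptions, since the thread does not show the real subnets.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")

def take(tok):
    """Consume one IOS address spec (any | host A | A WILDCARD) from a token list."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    prefix = 32 - int(ipaddress.IPv4Address(tok[1])).bit_length()  # contiguous wildcard assumed
    return ipaddress.ip_network(f"{tok[0]}/{prefix}", strict=False), tok[2:]

def parse_acls(config):
    """Return {acl: [(action, src, dst), ...]}; standard entries get dst = any."""
    acls, current = {}, None
    for tok in filter(None, map(str.split, config.splitlines())):
        if tok[:2] == ["ip", "access-list"] and len(tok) >= 4:  # named standard/extended ACL
            current = tok[3]
            continue
        name = current
        if tok[0] == "access-list":  # numbered ACL, one entry per line
            name, tok = tok[1], tok[2:]
        elif tok[0] not in ("permit", "deny"):  # any other command ends a named ACL
            current = None
        if name is None or len(tok) < 2 or tok[0] not in ("permit", "deny"):
            continue
        if tok[1] != "ip" and not (tok[1] in ("any", "host") or tok[1][0].isdigit()):
            continue  # other protocols are out of scope for this check
        spec = tok[2:] if tok[1] == "ip" else tok[1:] + ["any"]  # standard: source only
        src, rest = take(spec)
        acls.setdefault(name, []).append((tok[0], src, take(rest)[0]))
    return acls

def vpn_traffic_is_natted(config, local, remote):
    """True if the PAT ACL's first matching entry permits local -> remote traffic."""
    m = re.search(r"^ip nat inside source list (\S+) interface \S+ overload", config, re.M)
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    for action, src, dst in (parse_acls(config).get(m.group(1), []) if m else []):
        if local.subnet_of(src) and remote.subnet_of(dst):
            return action == "permit"
    return False  # implicit deny at the end of the ACL: not translated

# Constructed configs: 192.168.1.0/24 is the local LAN, 192.168.2.0/24 the remote LAN.
BEFORE = "access-list 1 permit 192.168.1.0 0.0.0.255\nip nat inside source list 1 interface Dialer0 overload"
AFTER = """access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 100 interface Dialer0 overload"""
```

`vpn_traffic_is_natted(BEFORE, "192.168.1.0/24", "192.168.2.0/24")` returns `True` because a standard ACL matches on source only, while the same call on `AFTER` returns `False`. ACL order matters: a `permit` placed ahead of the `deny` makes the check return `True` again.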