My primary site router is terminating an IPsec VPN tunnel to another remote site.
The users are NATed at the firewall to the router with 172.22.55.0/24, i.e. the remote site has this route in its routing table. They go via the VPN tunnel and everything is working fine here.
My secondary site now needs to connect to the remote site. I have created another IPsec tunnel from the primary site to the secondary site, so that users from the secondary site will access the remote site via two tunnels:
new site ----> site 1 ---> remote site
Because of the routing at the remote site I have no choice but to NAT the new users to the same IP range.
I created a loopback and gave it an IP address of 172.22.55.194/32.
I used an access list to match 172.17.68.124/32 (test PC) going to the destination 172.22.40.12 (remote server) and, using PBR, route that traffic, coming in from the interface connecting to the internet, to the loopback interface.
Loopback 0 is NAT outside overload and the internet interface is NAT inside.
The problem is that I can see traffic being matched by the ACL for the route-map, but no traffic lands on the loopback interface and it is not being NATed.
Please have a look at the configuration and show outputs .
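A reference NAT-on-a-stick configuration for the setup described in this post, added here as an example and not the poster's own configuration. It assumes GigabitEthernet0/0 as the internet-facing interface, widens the loopback to a /30 so that PBR can use a next hop inside the loopback subnet (the pattern used in Cisco's NAT-on-a-stick design), and also policy-routes the return flow to the loopback, which is the step most often missing when the ACL shows matches but nothing gets translated.

```cisco
! Added reference configuration for NAT on a stick with PBR; this is not the
! poster's configuration. Assumed names: GigabitEthernet0/0 is the internet and
! VPN facing interface. The loopback is widened from /32 to a /30
! (172.22.55.192/30) so that PBR has a next hop inside the loopback subnet;
! 172.22.55.194 remains the translated address the remote site sees.
!
interface Loopback0
 ip address 172.22.55.194 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0
 description Internet facing interface, existing crypto map stays here
 ip nat inside
 ip policy route-map NAT-ON-A-STICK
!
! Both directions must be policy routed to the loopback: the forward flow
! (test PC to remote server) so the source gets translated, and the return
! flow (remote server to the translated address) so the destination gets
! un-translated. Without the second entry the reply arrives on a NAT inside
! interface and never crosses an outside-to-inside boundary, so the
! translation is never undone.
ip access-list extended PBR-TO-LOOP
 permit ip host 172.17.68.124 host 172.22.40.12
 permit ip host 172.22.40.12 host 172.22.55.194
!
route-map NAT-ON-A-STICK permit 10
 match ip address PBR-TO-LOOP
 set ip next-hop 172.22.55.193
!
! Only the test PC is translated, with PAT to the loopback address.
ip access-list standard NAT-INSIDE-HOSTS
 permit host 172.17.68.124
!
ip nat inside source list NAT-INSIDE-HOSTS interface Loopback0 overload
```

Check the policy-routing match counters with `show route-map NAT-ON-A-STICK` and the resulting entries with `show ip nat translations`; a forward match count that climbs while the translation table stays empty points at the loopback or return path rather than at the ACL.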
Re: PBR, NAT on a stick for two VPN tunnels problem
I think I understand what you are suggesting! But on this VPN router I have another 20 VPN tunnels; if I have the route as suggested via the loopback, will that affect other traffic? I can't put that in straight away because it's on a production network.
The primary crypto map is already on the external interface, but will the map on the loopback override the primary crypto map?