
route-map nonat command missing (soho97-k9)

mshaw
Level 1

Hi all,

This command appears to be missing from the new Cisco SOHO 97-K9 ADSL routers:

route-map nonat permit 10

The SOHO 97-K9 apparently supersedes the SOHO77H on which this command was previously available.

This command is apparently required to except the private network and VPN clients from the NAT process.

We are using these routers for VPN/FW and internet access.

Config as follows:

Current configuration : 2655 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname *****
!
enable secret 5 *****
!
ip subnet-zero
ip name-server *****
!
!
no aaa new-model
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 0 ***** address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group *****
 key 0 *****
 dns *****
 domain *****
 pool VPNPOOL
 acl 110
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 description MY ISP
 ip address ***** 255.255.255.0
 ip access-group 199 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname *****
 ppp chap password 7 *****
 ppp pap sent-username ***** password 7 *****
 crypto map clientmap
!
ip local pool VPNPOOL 172.1.1.1 172.1.1.10
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip access-list logging interval 2
access-list 1 permit *****
access-list 110 deny ip 192.168.10.0 0.0.0.255 172.1.1.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 110 permit ip 172.1.1.0 0.0.0.255 any
access-list 199 permit tcp any host ***** eq 500
access-list 199 permit udp any host ***** eq isakmp
access-list 199 permit tcp any any eq www
access-list 199 permit tcp any any eq smtp
access-list 199 permit tcp any any eq pop3
access-list 199 permit tcp any host 192.168.10. ***** eq 5631
access-list 199 permit tcp any host 192.168.10. ***** eq 5632
access-list 199 permit tcp any host 192.168.10. ***** eq 9976
access-list 199 permit tcp any host 192.168.10. ***** eq 9977
access-list 199 permit tcp any host 192.168.10. ***** eq 2000
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
 exec-timeout 120 0
 password 7 *****
 logging synchronous
 login
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 120 0
 password *****
 logging synchronous
 login
!
scheduler max-task-time 5000
!
end

Could anyone offer any advice to resolve this issue please?

Many thanks in advance.

Mick

1 Reply

carenas123
Level 5

I am assuming that specifically you are asking that "route-map nonat permit 10" is not in the new router configuration. In this command, "nonat" is just the name of the route-map, and you need to create it manually from global configuration mode.

Example:

R1>enable
R1#conf t
R1(config)#route-map ?

Here it asks you to enter the name of the route-map.

Alternatively, if you meant to say that the "route-map" command is not supported at all, then it might be a problem with the IOS image, not with the hardware. Try upgrading to a new image.
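The NAT exemption this thread is about, as an added example that is not part of either post and not Cisco's own configuration. It assumes the installed IOS image accepts the route-map command, ACL number 120 is a hypothetical choice, and access-list 1 (masked in the post) is assumed to permit the LAN; the subnets are taken from the configuration posted above.

```cisco
! Added example, not from the original posts.
! Assumptions: the image supports "route-map"; ACL 120 is a hypothetical,
! unused number; access-list 1 (masked above) permits the 192.168.10.0/24 LAN.
!
! Before (from the posted configuration): anything matching list 1 is
! translated on its way out of Dialer0, including LAN traffic addressed to
! VPN clients in the 172.1.1.0/24 pool range.
!   ip nat inside source list 1 interface Dialer0 overload
!
! After: ACL 120 decides what may be translated.
! First entry: LAN -> VPN pool is denied, so it is left untranslated.
! Second entry: all other LAN traffic is still translated (PAT on Dialer0).
access-list 120 deny   ip 192.168.10.0 0.0.0.255 172.1.1.0 0.0.0.255
access-list 120 permit ip 192.168.10.0 0.0.0.255 any
!
! "nonat" is only the route-map's name; it does nothing until it is
! referenced by the NAT rule below.
route-map nonat permit 10
 match ip address 120
!
! Swap the NAT rule. If IOS refuses to remove the old rule because the
! dynamic mapping is in use, clear the translation table from exec mode
! first:  clear ip nat translation *
no ip nat inside source list 1 interface Dialer0 overload
ip nat inside source route-map nonat interface Dialer0 overload
!
! Checks from exec mode after a VPN client has connected and sent traffic:
!   show route-map nonat          (route-map exists and matches ACL 120)
!   show access-lists 120         (hit counters on the deny and permit lines)
!   show ip nat translations      (no entries toward 172.1.1.x addresses)
```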
