Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
258
Views
0
Helpful
2
Replies
ALTARRCBANK
Beginner
Beginner
‎10-07-2014 04:14 AM
‎10-07-2014 04:14 AM

cisco 881, nat and tunnel

Hello!
I ask your advices! 
I have Cisco 881, which is connected to the Internet. 
There is a VPN-tunnel on it to a host. 
command "Ping" from 881 to this host is working. But from the PC behind the cisco is not going.
I see the Internet, but not the host.

 

That is my config:

version 15.2
!
interface Tunnel0
description --=VPN=--
ip address 10.0.0.11 255.255.255.252
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination 123.345.67.89
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet4
description WAN
ip address 12.12.12.20 255.255.255.248
duplex auto
speed auto
ip nat outside
!
interface Vlan2
ip address 192.168.0.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 12.12.12.2
ip route 192.168.100.0 255.255.255.0 10.0.0.10
!
ip access-list extended NAT
permit ip 12.12.12.0 0.0.0.255 any
!

Thanks beforehands!

Labels:
0 Helpful
2 REPLIES 2
ghostinthenet
Rising star
Rising star
‎10-08-2014 07:43 AM
‎10-08-2014 07:43 AM

Everything looks good here, but the symptoms sound like the remote end is missing a return route for traffic. You should have something like this on the other router:

ip route 192.168.0.0 255.255.255.0 10.0.0.11

Can you verify that this route is present?

0 Helpful
michael o'nan
Enthusiast
Enthusiast
‎10-08-2014 10:15 AM
‎10-08-2014 10:15 AM

Does your tunnel show up up on show ip interface brief?

0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad