Hi, everybody!
I have a problem with configuring brach router 891 (with IOS v15.0(1)M).
I want to connect to HQ via EasyVPN connection (split-tunnel) and allow the local traffic to go directly to the Internet via NAT (PAT).
When the VPN connection goes up, NAT stops working and NAT translations don't appear in show ip nat translations. When the VPN connection goes down, NAT begins to work again.
Is it a bug or the intended IOS behavior?
See the fragment of 891's config:
version 15.0
hostname Branch
!
!
crypto ipsec client ezvpn EzVPN_to_CO
connect auto
group Branches key *****
mode network-plus
peer 99.99.99.99 default
acl VPN_ACL
virtual-interface 1
username Filial_Router password Filial_Router
xauth userid mode local
!
!
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface FastEthernet0/0
description ****** TO LOCAL NET *****
ip address 192.168.0.1 255.255.255.0
ip nat inside
crypto ipsec client ezvpn EzVPN_to_CO inside
!
interface Serial1/0
description ***** Primary Internet Channel ****
ip address 177.22.100.1 255.255.255.252
ip nat outside
crypto ipsec client ezvpn EzVPN_to_CO
!
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
ip tcp adjust-mss 1440
!
ip route 0.0.0.0 0.0.0.0 172.20.100.2 2 track 1
!
!
ip nat inside source route-map NAT1 interface Serial1/0 overload
ip nat inside source route-map NAT2 interface FastEthernet0/1 overload
!
ip access-list extended VPN_ACL
permit ip 192.168.85.0 0.0.0.255 any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Serial1/0
frequency 10
ip sla schedule 1 life forever start-time now
access-list 154 permit ip any any
!
!
!
route-map NAT1 permit 10
match ip address 154
match interface Serial1/0
!
route-map NAT2 permit 10
match ip address 154
match interface FastEthernet0/1
!
!
!
end
Hope for your assistance! Thanks!
