11-08-2015 06:05 PM - edited 03-05-2019 02:42 AM
We have lots of IPSec tunnels that connect our main site to remote sites using internal (private) IP addresses on both ends. All of these locations are working fine. We were recently tasked with creating a VPN tunnel for a certain company, but this time it was different. They wanted a couple of their external (routable) IP addresses in the tunnel on their side and a server on our side that has been NAT'ed out. The tunnel came up and I can ping their servers fine from my server. However, they cannot ping my server from their server. They can see their outgoing packets increasing, but not their incoming packets. I believe this is a problem with how I have NAT set up on our end. I did some reading and see mentions of "U-turns", but I haven't been able to figure it out. Please note, we have other servers that are NAT'ed out and they can be accessed fine from outside. In fact, the server in question can be accessed fine from outside - the problem only occurs when the specific company tries to access it from within their VPN tunnel. Any help would be greatly appreciated. Thanks.
11-10-2015 08:33 AM
Hello
Is it possible that the return server traffic is getting routed/NATted to the outside instead of going back over the VPN?
Have a look at this link from Jon Marshall; it could be useful:
https://supportforums.cisco.com/discussion/12544291/ipsec-ip-nat-inside-source-static
res
paul
11-10-2015 02:13 PM
I guess it's possible. How can I check that?