
How to set the Source IP for all outgoing packets?

jennyjohn
Level 1

I have a Site to Site VPN terminated on routers at either end. On the remote end router I have a data VLAN configured on the router.

interface Vlan 49
ip address 192.168.49.254 255.255.255.0

The interesting traffic access-list only allows the 192.168.49.0/24 network through the VPN tunnel.
access-list 100 permit ip 192.168.49.0 0.0.0.255 any

Since the router outside interface IP address is 10.80.200.1/29, I am unable to ping, TFTP, or reach the TACACS ACS servers on the other side, because the source IP (10.80.200.1) is not permitted through the tunnel.

If I enter the source address as 192.168.49.254 when I ping, it works.
For TACACS+, I have to enter
ip tacacs source-interface Vlan49

For TFTP access
ip tftp source-interface Vlan49

Is there any method to set the source IP as Vlan49 for all outgoing packets?

Thanks in advance.

3 Replies

Mahesh Gohil
Level 7

Hi,

You can take the help of NATting.

Regards

mahesh

cadet alain
VIP Alumni

Hi,

The interesting traffic access-list only allows the 192.168.49.0/24 network through the VPN tunnel.
access-list 100 permit ip 192.168.49.0 0.0.0.255 any

Change your crypto ACL to permit the traffic from the router to the ACS. Don't forget to change it on the other side to mirror.

Regards.

Alain.

Don't forget to rate helpful posts.

Thanks Alain for the reply, but the ACS is at the headend side and is already included in the ACL by "any".

I had thought about adding the router outer interface subnet in the ACL so that packets with a source IP of the output interface IP are permitted at the headend side. Since it is a live connection, I didn't want to mess with the ACL.

Is there any other method of changing the source interface to Vlan 49 for all outgoing TCP connections?
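
The behaviour described in this thread, as an added example that is not part of any post: a small Python evaluator for `access-list ... ip` entries with wildcard masks, showing why router-originated traffic sourced from 10.80.200.1 does not match the posted crypto ACL while 192.168.49.254 does. The ACS address and the second ACL entry (the outside /29 option discussed above) are constructed for illustration.

```python
import ipaddress
import re

# Crypto ACL exactly as posted in the thread.
POSTED_ACL = ["access-list 100 permit ip 192.168.49.0 0.0.0.255 any"]
# Constructed entry for the option the thread discusses (outside /29 added).
WIDENED_ACL = POSTED_ACL + ["access-list 100 permit ip 10.80.200.0 0.0.0.7 any"]
ACS_IP = "192.0.2.10"  # constructed placeholder; the real ACS address is not on the page

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(tok), _to_int(tokens.pop(0))

def parse_ace(line):
    """Parse one 'access-list N permit|deny ip SRC DST' entry."""
    m = re.match(r"access-list\s+\d+\s+(permit|deny)\s+ip\s+(.+)$", line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    tokens = m.group(2).split()
    return m.group(1), _take_spec(tokens), _take_spec(tokens)

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (_to_int(addr) & care) == (base & care)

def is_interesting(acl, src, dst):
    """First matching entry wins; no match means implicit deny (not encrypted)."""
    for line in acl:
        action, src_spec, dst_spec = parse_ace(line)
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action == "permit"
    return False

if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("widened", WIDENED_ACL)):
        for src in ("10.80.200.1", "192.168.49.254"):
            print(f"{name:8} src={src:15} -> tunnel: {is_interesting(acl, src, ACS_IP)}")
```
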