04-16-2018 01:44 PM - edited 03-08-2019 02:40 PM
Hello,
I am creating a lab network that has NAT and an IPsec tunnel.
Since implementing NAT both on a Packet Tracer activity and physical equipment, I have encountered issues with communication over the tunnel. Prior to applying NAT, I was able to ping the opposite end of the tunnel and communicate between client machines. Although the tunnel is up, I am unable to get communication through it. I have tried several iterations and troubleshooting steps, yet the reason why it doesn't work as expected currently remains a mystery to me.
I have attached a topology of the network with router configurations for inspection (the public IP addresses are randomly selected). Any assistance would be greatly appreciated.
Cheers,
Az
04-24-2018 08:27 AM
Az
If I understand correctly, the VPN worked before the NAT was added and broke when the NAT was configured. So I have not looked closely at the general config and concentrated on the NAT configuration. I believe that the configuration of NAT on CBR-GW is done correctly, where each ACL to control NAT specifies a single source subnet (for example 192.168.0.0/22) and specifies multiple destination subnets. However, the configuration of NAT on SYD-GW is different and I believe that this is the issue. In the ACL to control NAT on SYD, the ACL specifies multiple source subnets and a single destination subnet. I believe that if you correct the ACLs for NAT on SYD, your VPN should work.
HTH
Rick
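One way to check a NAT ACL for the pattern described in the reply above, as an added example that is not part of the original thread. Only 192.168.0.0/22 comes from the thread; the SYD subnet, the ACL number and every ACL entry are constructed, and reading the SYD problem as source and destination being swapped is an assumption.

```python
import ipaddress
import re

# Matches IOS extended ACL entries such as
#   access-list 101 deny ip 192.168.0.0 0.0.3.255 10.20.0.0 0.0.0.255
# Entries whose source is "any" or "host x" are not matched and are skipped.
ENTRY = re.compile(
    r"access-list\s+\d+\s+(?:permit|deny)\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(?:any|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)"
)

def to_network(addr, wildcard):
    """Address plus IOS wildcard mask -> ip_network (contiguous masks only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def misdirected_entries(acl_text, local_subnets):
    """Return ACL lines whose source is not one of this router's inside subnets."""
    local = [ipaddress.ip_network(s) for s in local_subnets]
    bad = []
    for line in acl_text.splitlines():
        m = ENTRY.search(line)
        if m and not any(to_network(*m.groups()).subnet_of(n) for n in local):
            bad.append(line.strip())
    return bad

# Constructed sample ACLs. SYD's inside subnet 10.20.0.0/24 is hypothetical.
CBR_ACL = """
access-list 101 deny ip 192.168.0.0 0.0.3.255 10.20.0.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.3.255 any
"""
# Written from the far end's point of view: remote subnets appear as sources.
SYD_ACL_SUSPECT = """
access-list 101 deny ip 192.168.0.0 0.0.3.255 10.20.0.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.3.255 10.20.0.0 0.0.0.255
access-list 101 permit ip 10.20.0.0 0.0.0.255 any
"""
# Same intent with the local subnet as the single source.
SYD_ACL_FIXED = """
access-list 101 deny ip 10.20.0.0 0.0.0.255 192.168.0.0 0.0.3.255
access-list 101 deny ip 10.20.0.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 101 permit ip 10.20.0.0 0.0.0.255 any
"""

if __name__ == "__main__":
    for entry in misdirected_entries(SYD_ACL_SUSPECT, ["10.20.0.0/24"]):
        print("source is not a local subnet:", entry)
```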
04-30-2018 07:08 AM
I am glad that my response pointed you toward the solution to this question. Thank you for marking this question as solved. This will help other readers in the forum to identify discussions that have helpful information. These forums are excellent places to ask questions and to learn about networking. I hope to see you continue to be active in the forums.
HTH
Rick