About jeromy.codner

jeromy.codner · ‎07-08-2013

Hello, Looking for some clarication on how Easy VPN hardware client (3725 router) behaves when connecting to the a server using the dynamic VTI feature. In my lab, the tunnel is up and working fine using a split tunnel acl pushed from the server. However, all other traffic (going towards the internet) is getting NAT translated automatically to the outside interface IP address, and there doesnt seem to be a way to shut that feature off. Is there a way to configure the non-tunnel traffic to get routed to the internet without being translated? Keep in mind this is a lab config, which is why I am attempting to route private IPs out into public IP space. Thanks client config: crypto ipsec client ezvpn EZVPN_CLIENT connect auto group GROUP1 key CISCO mode network-extension peer 1.1.91.1 acl TUNNEL_MAP virtual-interface 10 username CISCO_USER password CISCO_PASS xauth userid mode local crypto ipsec client ezvpn EZVPN_CLIENT crypto ipsec client ezvpn EZVPN_CLIENT inside Extended IP access list TUNNEL_MAP 10 permit ip 10.1.0.0 0.0.255.255 172.16.0.0 0.0.255.255 interface Virtual-Template10 type tunnel no ip address tunnel mode ipsec ipv4 interface FastEthernet0/0 ip address 1.1.76.6 255.255.255.0 crypto ipsec client ezvpn EZVPN_CLIENT outside interface FastEthernet0/1 ip address 10.1.63.6 255.255.255.0 crypto ipsec client ezvpn EZVPN_CLIENT inside R6#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/24 is subnetted, 5 subnets C 1.1.76.0 is directly connected, FastEthernet0/0 R 1.1.80.0 [120/2] via 1.1.76.7, 00:00:11, FastEthernet0/0 R 1.1.87.0 [120/1] via 1.1.76.7, 00:00:11, FastEthernet0/0 R 1.1.91.0 [120/3] via 1.1.76.7, 00:00:11, FastEthernet0/0 R 1.1.98.0 [120/2] via 1.1.76.7, 00:00:11, FastEthernet0/0 S 172.16.0.0/16 [1/0] via 0.0.0.0, Virtual-Access2 10.0.0.0/24 is subnetted, 2 subnets D 10.1.30.0 [90/409600] via 10.1.63.3, 01:28:06, FastEthernet0/1 C 10.1.63.0 is directly connected, FastEthernet0/1 R6#

Date Registered	‎07-08-2013 07:16 PM
Date Last Visited	‎06-05-2018 07:42 PM
Total Messages Posted	1

Easy VPN Remote NAT Behavior