ASR IPSEC client to site NAT issues

Matt Kahle
Level 1

Hi All,

I have recently been trying to fix/troubleshoot a VPN client to site I configured on an ASR 1001. I had the configuration working, then it stopped... Also, the VPN works when it's not going through NAT. However, once I try connecting through NAT, I'm not even prompted for login; phase one of the session fails. Overall it's a fairly simple configuration, although I've had issues with doing port overload NAT, since you cannot map NAT to the outside interface without DHCP failing... (I don't know if the mappings are related to this issue.)

I've provided my current configurations and debugging logs. Please see attachments.

Thanks,

Matt

5 Replies

Matt Kahle
Level 1
Hi all,

Does anyone have any idea of what I should check? I'm completely stuck.

Thanks,
Matthew Kahle

Hi,
Are you referring to the NAT you've configured on the ASR or NAT configured on another device in front of the ASR?

The NAT that's configured on the ASR.

Would it be helpful if I provide success logs without the NAT in place?

Define a Loopback interface using a private 192.168.x.x IP address and use that as the unnumbered interface under the Virtual-Template rather than Gi0/0/1.

Also remove the NAT entry "access-list 110 permit ip any any" and add a specific NAT entry for each of the VPN pools, but above the last rule - deny.

If that fails, yes, provide the debug logs when NAT is disabled.
