05-16-2019 05:45 AM - edited 02-21-2020 09:39 PM
Hi All,
I have recently been trying to fix/troubleshoot a client-to-site VPN I configured on an ASR 1001. I had the configuration working, then it stopped... Also, the VPN works when it's not going through NAT. However, once I try connecting through NAT, I'm not even prompted for login; phase one of the session fails. Overall it's a fairly simple configuration, although I've had issues with doing port overload NAT since you cannot map NAT to the outside interface without DHCP failing... (I don't know if the mappings are related to this issue.)
I've provided my current configurations and debugging logs. Please see attachments.
Thanks,
Matt
05-28-2019 07:07 AM
05-28-2019 11:01 AM
05-28-2019 11:11 AM
05-29-2019 07:59 AM
05-29-2019 09:01 AM - edited 05-29-2019 09:59 AM
Define a Loopback interface using a private 192.168.x.x IP address and use that as the unnumbered interface under the Virtual-Template rather than Gi0/0/1.
Also remove the NAT entry "access-list 110 permit ip any any" and add a specific NAT entry for each of the VPN pools, but above the last rule - deny.
If that fails, yes, provide the debug logs when NAT is disabled.