EzVPN Clients configured with NEM cannot access the Internet

guraymon
Cisco Employee

I have EzVPN set up on remote sites with Network Extension mode configured on Cisco 891w to access the Main office and that is working just fine. However, my users sitting at the 3 remote offices cannot reach the Internet with this setup.

I tried configuring Split Tunnel with no success. When I configured Split-Tunneling, the DHCP Servers in the main office were no longer assigning IP addresses to my remote office phones so I removed the split tunneling. Split Tunneling is still a viable option if I can get it to work with every other service I am running.

I decided to try to give them Internet access through the EzVPN tunnel by using the Internet Access at the head office. I configured an ACL that permits those remote subnets to access the Internet and then configured the overload interface for the NAT outside. Not sure what I am missing here.

The main office uses various Subnets in the 10.0.0.0/16 IP space and my remote offices are using 10.7.x.x/24 Subnets.

My remote users use Cisco 891w and my main Campus uses a Cisco CSR.

Thanks for any help you can provide.

Ezvpn with NEM.jpg


Rahul Govindan
VIP Alumni

Can you share the configs from a branch and the head office? You might need to create a NAT on a stick configuration on the headend to allow your EZVPN clients to go out through the external circuit. An old example for this is given below:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6505-nat-on-stick.html