Hello everyone
I am executing FlexVPN Client in EZVPN Mode on a ISR4331 executing IOS-XE 16.06.05 Everest using the following FlexVPN Client profile:
crypto ikev2 client flexvpn SWX-IKEV2-FLEX-PROFILE
peer 1 10.10.10.1
peer 2 10.10.20.1
client inside Gi0/0/0
client connect Tunnel10
!
Gi0/0/0 interface has ip-address 10.10.30.1/24 configured and has the "ip nat-inside" feature enabled
Tunnel10 has its pushed IPsec address and has the "ip nat-outside" feature configured
NAT overload rules currently apply to Gi0/0/0's client subnet 10.10.30.0/24 only.
Source IP-addresses for clear-text traffic originated from the connected subnet 10.10.30.0/24 are correctly NATted to Tunnel10's IPsec address and then successfully encapsulated ==> so far, so good
Question:
Is it possible to source-NAT and encapsulate clear-text traffic originated from a client subnet routed over 10.10.30.100 as well? Or is that possible from directly connected inside interfaces only?
Thanks.
Best regards
Gianbattista