cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
332
Views
0
Helpful
0
Replies
xoma686555
Beginner

Hardware VPN Client Behind NAT

Hi!

I have an issue while connecting from a Hardware VPN Client, sitting behind the NAT - it only receives the 1-st route from 3, configured in the split-tunnel ACL on the Easy VPN Server:

EZ_CLNT#sho cry sess

Crypto session current status

Interface: FastEthernet0/0

Session status: UP-ACTIVE

Peer: <VPN-SRV-IP> port 4500

IKE SA: local 192.168.5.2/4500 remote 192.168.35.2/4500 Active

IKE SA: local 192.168.5.2/4500 remote 192.168.35.2/4500 Inactive

IPSEC FLOW: permit ip 172.16.3.0/255.255.255.0 172.16.2.0/255.255.255.0

Active SAs: 2, origin: crypto map

Interface: FastEthernet0/0

Session status: DOWN

Peer: 192.168.35.2 port 500

IPSEC FLOW: permit ip 172.16.3.0/255.255.255.0 172.16.5.0/255.255.255.0

Active SAs: 0, origin: crypto map

IPSEC FLOW: permit ip 172.16.3.0/255.255.255.0 172.16.6.0/255.255.255.0

Active SAs: 0, origin: crypto map

I've tried to connect from a Client with a Public IP - it works ok, all 3 routes are correctly installed. Why is this this happening?

0 REPLIES 0