01-12-2013 09:34 AM
I recently upgraded from a Cisco 3900 series router to a Cisco ASR1k router. Since the upgrade, I have internal clients who claim they cannot connect to external VPNs. These internal clients are behind a NAT that routes a public IP address to a group of clients with private IP addresses.
How can I ensure that all VPN traffic is able to pass through the NAT?
01-15-2013 04:54 PM
Hi there,
You could use the "show ip nat translations" to verify the current translations.
You could also use the "show crypto ipsec sa" to verify the SA´s for the specific tunnel.
Thanks.
Portu.
Rate any helpful posts
01-16-2013 05:06 AM
Hi iportugu,
"sh ip nat trans" verifies the NAT translation for the user(s) in question.
The second command displays is an unrecognized command.
Thanks,
Kent
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide