Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
905
Views
0
Helpful
2
Replies

How to ensure all VPN traffic will pass through router

ynyng
Level 1
Level 1

‎01-12-2013 09:34 AM

I recently upgraded from a Cisco 3900 series router to a Cisco ASR1k router. Since the upgrade, I have internal clients who claim they cannot connect to external VPNs. These internal clients are behind a NAT that routes a public IP address to a group of clients with private IP addresses.

How can I ensure that all VPN traffic is able to pass through the NAT?                   

Labels:
0 Helpful
2 Replies 2

Javier Portuguez
Level 9
Level 9

‎01-15-2013 04:54 PM

Hi there,

You could use the "show ip nat translations" to verify the current translations.

You could also use the "show crypto ipsec sa" to verify the SA´s for the specific tunnel.

Thanks.

Portu.

Rate any helpful posts

0 Helpful

ynyng
Level 1
Level 1
In response to Javier Portuguez

‎01-16-2013 05:06 AM

Hi iportugu,

"sh ip nat trans" verifies the NAT translation for the user(s) in question.

The second command displays is an unrecognized command.

Thanks,

Kent

0 Helpful
Customers Also Viewed These Support Documents