cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3506
Views
5
Helpful
2
Replies

IOS Remote Access VPN Hairpinning

Peter Fiers
Level 1
Level 1

Hi,

I would like to access external resources (Internet) from the VPN client through the IOS VPN gateway. When I do 'deb ip cef pack di0 out rate 10', I see packets going from the Dialer0 interface to the Dialer0 interface which is correct:

Mar 24 05:47:11.589: CEF-Debug: Packet from 192.168.177.84 (Di0) to 62.159.x.y (Di0)

The connection is currently failing. The private IP here is the one of the RA VPN client. It's a NAT issue I suppose. Can I define an ip nat inside interface for the VPN clients somehow? Or am I totally wrong with that assumption?

The VPN gateway is a 871 router.

Thanks,

Peter

2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

1) use virtual-template and configure "ip nat inside" in the virtual-template.

2) assign the virtual-template to isakmp profile

3) assign tunnel protection to the virtual template

Here is a sample configuration on DVTI:

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd803645b5.html

Hope that helps.

Perfect! Thanks!

The only thing is I couldn't gain access to the link, but I've found another one:

http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd803645b5.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: