10-24-2017 04:23 AM - edited 03-12-2019 04:39 AM
Hi all
I am trying to configure an IPsec tunnel to a remote site (ASA5505) from an ISR router 4331 with source NAT. The IPsec part alone is working, but when I add source NAT functionality, it won't work. Here is my config:
Any help would be appreciated!
!
!
crypto map s2s 80 ipsec-isakmp
 set peer 13x.x.x.x
 set transform-set HE-NAT-TEST
 set isakmp-profile HE-NAT-TEST
 match address HE-NAT-TEST
!
!
interface Loopback0
 ip vrf forwarding I-HE-INSIDE-1
 ip address 10.68.5.1 255.255.255.0
!
interface GigabitEthernet0/0/1.2838
 encapsulation dot1Q 2838
 ip vrf forwarding I-HE-INSIDE-1
 ip address 100.68.38.67 255.255.255.248
 ip nat inside
 standby 3 ip 100.68.38.66
 standby 3 timers msec 500 3
 standby 3 priority 120
 standby 3 preempt
 standby 3 name HSRP-HE-INSIDE-1
 standby 3 track 2 decrement 50
!
ip nat inside source list HE-ALLOW-NAT interface Loopback0 overload
!
ip route vrf I-HE-INSIDE-1 10.68.5.1 255.255.255.255 GigabitEthernet0/0/0 18x.x.x.x
!
ip access-list extended HE-ALLOW-NAT
 permit ip host 10.90.4.217 host 10.68.4.2
ip access-list extended HE-NAT-TEST
 permit ip host 10.68.5.1 10.68.4.0 0.0.0.255
!
10-25-2017 03:38 PM
Hello @sfanayei
Configure 'ip nat outside' on the interface Loopback0.
-If I helped you somehow, please, rate it as useful.-