cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1544
Views
5
Helpful
1
Replies

IPSEC tunnel with Source NAT in ISR router

sfanayei
Level 1
Level 1

Hi all

I am trying to configure ipse tunnel to remote site (ASA5505) from a ISR router 4331 with source NAT. The IPSEC part alone is working, but when I add source NAT functionality, it won´t work. Here is my config:

Any help would be appreciated!

!

 

!

crypto map s2s 80 ipsec-isakmp
set peer 13x.x.x.x
set transform-set HE-NAT-TEST
set isakmp-profile HE-NAT-TEST
match address HE-NAT-TEST

!
!

interface Loopback0
ip vrf forwarding I-HE-INSIDE-1
ip address 10.68.5.1 255.255.255.0

!

interface GigabitEthernet0/0/1.2838
encapsulation dot1Q 2838
ip vrf forwarding I-HE-INSIDE-1
ip address 100.68.38.67 255.255.255.248
ip nat inside
standby 3 ip 100.68.38.66
standby 3 timers msec 500 3
standby 3 priority 120
standby 3 preempt
standby 3 name HSRP-HE-INSIDE-1
standby 3 track 2 decrement 50

!

ip nat inside source list HE-ALLOW-NAT interface Loopback0 overload

!

ip route vrf I-HE-INSIDE-1 10.68.5.1 255.255.255.255 GigabitEthernet0/0/0 18x.x.x.x

!

ip access-list extended HE-ALLOW-NAT
permit ip host 10.90.4.217 host 10.68.4.2
ip access-list extended HE-NAT-TEST
permit ip host 10.68.5.1 10.68.4.0 0.0.0.255

!

 

 

1 Accepted Solution

Accepted Solutions

Hello @sfanayei

 Config  'ip nat outside' on the interface Loopback0.

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

View solution in original post

1 Reply 1

Hello @sfanayei

 Config  'ip nat outside' on the interface Loopback0.

 

 

 

 

-If I helped you somehow, please, rate it as useful.-