L2L VPN NAT Problem-Dup Networks-HELP!!

toddmanger
Level 1

I am running an IOS router as an L2L VPN device to connect my location to multiple different customer locations, some of whom utilize the same internal IP addresses. These VPNs have been working fine.

I recently added another customer to this system and I am now having a problem with the newest setup. With this setup, I have to NAT my internal addresses. NAT functions correctly, but it NATs my addresses to the wrong NAT pool and therefore won't generate the tunnel.

My internal IP 10.10.x.x

Incorrect NAT pool 10.129.x.x

Correct NAT pool 10.99.x.x

Help....:)

Thanks

18 Replies

I am all set.  The tunnel is up and running.

Thank you for all your help!

Glad to help you. You can also mark my answer as "Correct answer". I hope your customers will be doing well.

Hey Eugene,

Can I ask one more favor?  I want to make sure I understand why this happened and I believe I know the answer.  I think that if I left the ME-NAT-ACL alone with all those previous statements and added deny ip any any at the end, I would have seen all the traffic that was never making it out of that ACL.

The favor is: Can you walk me through what happens during this entire process, i.e., what happens from initial ping to successful tunnel? I want to understand how I missed this, and something in my memory of this process is not correct.

I think this document describing NAT order of operations will be very helpful for your understanding:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

It will describe it better than I can. But if you still have questions, don't hesitate to ask; I will try to answer them.

___

HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer"