hello, i have setup an ipsec vpn with a partner of mine that ask me to present my lan with this class 172.31.128.244/30 with a destination lana of 161.x.x.160/28.

then i configured an ippool nat for vpn:

ip nat pool VPNPool 172.31.128.245 172.31.128.246 prefix-length 30

ip nat inside source list 111 pool VPNPool

access-list 111 permit ip 10.0.0.0 0.0.0.255 161.x.x.160 0.0.0.15

in the same interface where the cripto-map for ipsec is applied there is a nat ouside that masquerade the internet access:

interface FastEthernet0

 description WAN

 ip address 10.10.10.254 255.255.255.0

 ip nat outside

 ip virtual-reassembly

 duplex auto

 speed auto

 crypto map psmdc-vpn

​when i ping from my lana interface with 10.0.0.x it successful nat with the 172.31.128.x and i'm able to ping the destinations. but after the ping when i try to access internet with my nat overload on fe0/0 the router nat me with an ip pool from vpn.....

here is my nat:

access-list 110 deny   ip 10.0.0.0 0.0.0.255 161.x.x.160 0.0.0.15

access-list 110 permit ip 10.0.0.0 0.0.0.255 any

route-map NATuscita permit 10

 match ip address 110

 match interface FastEthernet0

can someone explain why this happens and provide a solution?

thanks a lot