hello, i have setup an ipsec vpn with a partner of mine that ask me to present my lan with this class 172.31.128.244/30 with a destination lana of 161.x.x.160/28.
then i configured an ippool nat for vpn:
ip nat pool VPNPool 172.31.128.245 172.31.128.246 prefix-length 30
ip nat inside source list 111 pool VPNPool
access-list 111 permit ip 10.0.0.0 0.0.0.255 161.x.x.160 0.0.0.15
in the same interface where the cripto-map for ipsec is applied there is a nat ouside that masquerade the internet access:
interface FastEthernet0
description WAN
ip address 10.10.10.254 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map psmdc-vpn
when i ping from my lana interface with 10.0.0.x it successful nat with the 172.31.128.x and i'm able to ping the destinations. but after the ping when i try to access internet with my nat overload on fe0/0 the router nat me with an ip pool from vpn.....
here is my nat:
access-list 110 deny ip 10.0.0.0 0.0.0.255 161.x.x.160 0.0.0.15
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
route-map NATuscita permit 10
match ip address 110
match interface FastEthernet0
can someone explain why this happens and provide a solution?
thanks a lot