Not all traffic passing with VPN

PETER KNOWLES
Level 1

We have several Cisco routers in a hub/spoke setup (831s as spokes to a 1721 hub) with successfully established tunnels.

NAT translations are working (RDP from Internet to public IP translates OK and allows connection) with no issue.

All traffic is passing within the VPN with no problem, except where we have static NAT translations to an internal host.

Example:

RDP to a non-NAT translated host (LAN A private IP to hub LAN private IP) works well. (Indicates no problem with site-to-site VPN ACL)

In the case where the hub router NATs a public IP in a translation to a private IP on its LAN, the remote site can only access the host via the public IP, not the private IP.

What is needed to pass traffic between VPN LANs where the end-point host is also statically NAT-ed?

2 Replies

ajagadee
Cisco Employee

Peter,

Have you configured NAT to be bypassed for the VPN traffic?

Please refer to the section "What about the static NAT though, why can I not get to that address over the IPsec tunnel?" at the URL below.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Regards,

Arul

** Please rate all helpful posts **
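
One way to bypass a static NAT for tunnel traffic only, shown as an added example that is not taken from the thread or from the linked Cisco document. It assumes a one-to-one static translation and an IOS release that accepts a route-map on `ip nat inside source static`; all addresses, ACL numbers and names are constructed placeholders.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   hub LAN 192.168.1.0/24, spoke LAN 192.168.2.0/24
!   statically NATed host 192.168.1.10, public address 203.0.113.10
!
! Before: unconditional static NAT. On the inside-to-outside path IOS applies
! NAT before it checks the crypto map, so replies from 192.168.1.10 to the
! spoke LAN leave with source 203.0.113.10 and no longer match the crypto ACL.
!   ip nat inside source static 192.168.1.10 203.0.113.10
!
! After: remove the unconditional entry and re-add it behind a route-map.
no ip nat inside source static 192.168.1.10 203.0.113.10
!
ip access-list extended STATIC-NAT-EXCEPT-VPN
 ! Traffic to the spoke LAN is NOT translated, so it stays private-to-private
 deny   ip host 192.168.1.10 192.168.2.0 0.0.0.255
 ! Everything else (Internet-facing RDP replies) keeps the public address
 permit ip host 192.168.1.10 any
!
route-map STATIC-NAT-EXCEPT-VPN permit 10
 match ip address STATIC-NAT-EXCEPT-VPN
!
ip nat inside source static 192.168.1.10 203.0.113.10 route-map STATIC-NAT-EXCEPT-VPN
!
! The crypto ACL of the working tunnel must still cover the private pair, e.g.:
!   access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! Check from the hub after a test connection from the spoke LAN:
!   clear ip nat translation *
!   show ip nat translations
!   show crypto ipsec sa
! Tunnel traffic to 192.168.1.10 should increment the encaps/decaps counters
! for the LAN-to-LAN SA, while Internet RDP still reaches 203.0.113.10.
```

The exemption is scoped to the spoke LAN only, so the host's exposure to the Internet through the public address is unchanged; restricting who may reach RDP on that address remains a separate inbound ACL decision.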

Yes.

If you refer to my original message, RDP will pass over the VPN in the case where we do not have an external (public) IP address translation in place: 'RDP to a non-NAT translated host (LAN A private IP to hub LAN private IP) works well.'