Private IP to Private IP communication over VPN tunnel

dan731028
Level 1

I need to set up communication between my local LAN segment and a remote LAN segment using private IP addresses. We currently have a VPN tunnel up between the two sites, and we currently NAT our private traffic to a public IP and send that over to another public NAT on the remote site. I am unable to see traffic from the remote site via private IP, and when I use packet tracer in the ASDM, the packet is dropped at the first "VPN" statement. Anything I need to do differently since I am using a NAT exempt statement?

pt_pbt_fail2.jpg

2 Accepted Solutions

Accepted Solutions

raga.fusionet
Level 4

Daniel,

Have you modified your crypto ACLs so that they include the private LANs as well?

Right now they are probably configured to use the public IP Addresses but how about the Private ones?

Please check this and let us know what you find.

Thanks.

Raga


ugot2nome
Level 1

The ACL in your NAT Exemption should reference the private IP addresses on both sides. Also ensure that you either have a route for the destination address (remote private IP space) on each end pointing to the next hop public IP address of the outgoing (WAN) interface OR configure a reverse-route under the CRYPTO map that is applied to the outside interface. Verify ISAKMP is enabled on the outside interface: crypto isakmp enable outside

Hope it works. If not, attach a copy of the configuration files for further review.

Thanks guys, we had an incorrect NAT statement.
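
The checks suggested in the replies above, put together as one site's configuration. This is an added example, not a configuration posted in the thread. Assumptions: pre-8.3 ASA NAT syntax (nat 0), constructed addressing (local LAN 10.1.1.0/24, remote LAN 10.2.2.0/24, remote peer 203.0.113.2, local next hop 198.51.100.1), hypothetical object names (VPN_ACL, NONAT, OUTSIDE_MAP), and a tunnel whose transform set and tunnel-group already exist.

```cisco
! --- Site A (constructed addresses; all names are hypothetical) ---

! 1. Crypto ACL: the "interesting traffic" must be private-to-private.
!    If this ACL still lists only the public NAT addresses, private-sourced
!    packets never match the crypto map and are dropped at the VPN phase.
access-list VPN_ACL extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

! 2. NAT exemption: the same private pair, so the source is not translated
!    to a public address before the crypto ACL is evaluated.
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

! 3. Crypto map bound to the outside interface, with reverse-route so the
!    remote private subnet is installed as a route toward the tunnel.
crypto map OUTSIDE_MAP 10 match address VPN_ACL
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set reverse-route
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside

! Alternative to reverse-route: a static route for the remote private space.
! route outside 10.2.2.0 255.255.255.0 198.51.100.1

! --- Site B must mirror both ACLs (source and destination swapped) ---
! access-list VPN_ACL extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
! access-list NONAT   extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0

! --- Verification from Site A ---
! Trace a private-to-private packet; the NAT-EXEMPT and VPN phases should
! both show ALLOW.
packet-tracer input inside icmp 10.1.1.10 8 0 10.2.2.10 detailed
! Confirm an IPsec SA exists for the private pair and counters increase.
show crypto ipsec sa peer 203.0.113.2
! Hit counts show whether traffic matches the exemption and crypto ACLs.
show access-list NONAT
show access-list VPN_ACL
```

If the two ends' crypto ACLs are not exact mirrors of each other, the IPsec SA for the private subnets will not negotiate even though the existing public-address SA stays up.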