Solved: Hi Ge Qu,

Ge Qu · ‎03-07-2017

Hi,

I implemented a site to site VPN to another site and when I do "sh crypto isakmp sa", I see the peer showing and state is active.

My basic setting is to have my internal IPs nated to an public IP and there is an access list to allow all the traffice going to another site nated and transferred via the VPN tunnel but it's not working.

When I try to access anything that is supposed to reach via VPN, it's not going and always use the local address instead of nat to the global IP.

There is only one loopback IP that used for testing can be reached via VPN tunnel and I see the NAT is working well.

I have no idea where to start to trouble shoot.

Please help.

Thank you.

JP Miranda Z · ‎03-07-2017

Hi Ge Qu,

You can start the ip nat translations and making sure the nat is being used, also you can check the sh crypto ipsec sa to make sure the traffic is being encrypted and decrypted.

You can attach a sanitized config here so i can take a look.

Hope this info helps!!

Rate if helps you!!

-JP-

View solution in original post

JP Miranda Z · ‎03-07-2017