02-04-2017 06:17 AM
Hello
I have a VPN configured between site A and the Corporate. The VPN is passing data, however users are unable to reach the internet.
The encryption domain specifies only 10.x.x.x from LAN to LAN. NAT exempt.
What could be causing this issue?
02-04-2017 06:27 AM
Could you attach the sanitized config from both sides? If your NAT exempt and crypto ACLs are correct, you should have Internet access at site A through its own ISP.
02-04-2017 07:24 AM
02-04-2017 08:38 AM
Looks like you are missing NAT on your remote device. You would need to create something like given in this doc:
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14132-ios-D.html
1) Create an ACL denying traffic between the router's LAN and remote corporate networks. Permit everything else from the router's LAN at the end of the ACL.
2) Add the ACL in the NAT overload statement.
3) Add "ip nat inside/outside" on your LAN and WAN interfaces.
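
The three steps above as an IOS configuration sketch. This is an added example, not part of the original reply or the poster's config. The site A LAN subnet (10.1.1.0/24), the corporate range (10.0.0.0/8), the ACL name and the interface names are all assumptions.

```cisco
! Constructed example. Assumed values: site A LAN 10.1.1.0/24,
! corporate networks 10.0.0.0/8, LAN on Gi0/1, WAN on Gi0/0.
!
! 1) ACL that selects traffic for NAT. The deny line must cover the same
!    LAN-to-corporate flows as the crypto ACL so tunnel traffic is not
!    translated; the final permit sends everything else to NAT.
ip access-list extended NAT-INTERNET
 remark exempt LAN-to-corporate traffic from NAT
 deny   ip 10.1.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 remark translate all other traffic from the LAN
 permit ip 10.1.1.0 0.0.0.255 any
!
! 2) Reference the ACL in the NAT overload (PAT) statement.
ip nat inside source list NAT-INTERNET interface GigabitEthernet0/0 overload
!
! 3) Mark the LAN and WAN interfaces.
interface GigabitEthernet0/1
 description LAN (assumed name)
 ip nat inside
!
interface GigabitEthernet0/0
 description WAN (assumed name)
 ip nat outside
```

After applying it, `show ip nat translations` should list entries for Internet-bound flows from the LAN and none for destinations in the corporate range.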