
VPN between Cisco 891 (site A) and 5555x - No internet access

Steve Coady
Level 1

Hello

I have a VPN configured between site A and the Corporate. The VPN is passing data, however users are unable to reach the internet.

The encryption domain specifies only 10.x.x.x from LAN to LAN. Natting exempt.

What could be causing this issue? 

sMc
3 Replies

Rahul Govindan
VIP Alumni

Could you attach the sanitized config from both sides? If your NAT exempt and crypto ACLs are correct, you should have Internet access at site A through its own ISP.

Rahul

Thank you for the guidance.

Please see attached configs.

sMc

Looks like you are missing NAT on your remote device. You would need to create something like what is given in this doc:

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14132-ios-D.html

1) Create an ACL denying traffic between the router's LAN and remote corporate networks. Permit everything else from the router LAN at the end of the ACL.

2) Add the ACL in the NAT overload statement.

3) Add "ip nat inside/outside" on your LAN and WAN interfaces.
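
The three steps above as a Cisco IOS configuration sketch for the site A router, added here as an example and not taken from the original posts or the attached configs. The subnets (10.1.1.0/24 for the site A LAN, 10.2.0.0/16 for the corporate network), the ACL name and the interface names are constructed placeholders to be replaced with the values from the real crypto ACL and hardware.

```cisco
! Step 1: ACL used for NAT. Deny LAN-to-corporate traffic first so it is
! never translated and still matches the crypto ACL; permit the rest.
! (Subnets below are constructed placeholders.)
ip access-list extended NAT-OVERLOAD
 deny   ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255
 permit ip 10.1.1.0 0.0.0.255 any
!
! Step 2: reference the ACL in the NAT overload (PAT) statement,
! translating to the address of the WAN interface.
! (Interface name is an assumption.)
ip nat inside source list NAT-OVERLOAD interface GigabitEthernet0 overload
!
! Step 3: mark the LAN and WAN interfaces for NAT.
! (Interface names are assumptions.)
interface Vlan1
 ip nat inside
!
interface GigabitEthernet0
 ip nat outside
!
! Checks after applying:
!   show ip nat translations   - Internet-bound flows appear here
!   show crypto ipsec sa       - encaps/decaps counters still increase
!                                for LAN-to-LAN traffic
```

The deny entry has to cover the same source and destination networks as the crypto ACL; if it is narrower, some LAN-to-LAN traffic is translated to the WAN address and leaves outside the tunnel.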