08-04-2010 07:37 AM
Hello,
I am trying to set up a site-to-site VPN tunneling all traffic through the VPN tunnel to the main site. I have looked at the forum posts many times but am apparently too dense to see what is needed. The tunnel comes up and I can pass traffic across the tunnel for the private LAN...but internet traffic does not traverse the tunnel. I can't help but think it is a NAT issue but do not understand why.
Any help will be appreciated.
Here are the relevant configs:
remote site: 871 router
crypto isakmp policy 15
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key ********* address 207.xx.xx.xx
crypto ipsec transform-set esp-aes esp-aes 256 esp-sha-hmac
crypto map vpn 10 ipsec-isakmp
 set peer 207.xx.xx.xx
 set transform-set esp-aes
 match address VPNTRAFFIC1
ip nat inside source list NONAT interface FastEthernet4 overload
08-04-2010 08:11 AM
The reason why internet traffic is not working is that you have configured NONAT for traffic from the 192.168.10.0/24 subnet towards everything. To browse the internet, traffic needs to be PATed.
Here is what needs to be configured for the NONAT access-list:
08-04-2010 09:29 AM
Thanks for the follow-up....that configuration doesn't force all traffic through the tunnel. The LAN on the router side goes to the internet from their ISP connection rather than through the tunnel to the HQ and out that internet connection.
Any additional thoughts?
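Added example, not part of any post in this thread: a small Python model of how the NAT list and the crypto map list interact on the remote router, using the IOS inside-to-outside order in which NAT is applied before the crypto map check. Only 192.168.10.0/24 comes from the thread; the HQ subnet, the FastEthernet4 address, the test hosts and all ACL contents are assumptions.

```python
import ipaddress

# Constructed values: only 192.168.10.0/24 comes from the thread.
LAN, ANY = "192.168.10.0/24", "0.0.0.0/0"
HQ_LAN = "10.0.0.0/24"       # assumed HQ subnet
WAN_IP = "198.51.100.2"      # assumed FastEthernet4 address

def acl_permits(acl, src, dst):
    """First-match extended ACL check with the implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def egress_path(nat_acl, crypto_acl, src, dst):
    """IOS inside-to-outside order: NAT runs before the crypto map check."""
    translated = acl_permits(nat_acl, src, dst)
    if translated:
        src = WAN_IP             # PAT overload rewrites the source address
    if acl_permits(crypto_acl, src, dst):
        return "tunnel"
    return "isp-pat" if translated else "isp-private-src"

# NAT list: "permit" means translate, "deny" means exempt (no NAT).
SPLIT_NAT = [("deny", LAN, HQ_LAN), ("permit", LAN, ANY)]
FULL_NAT = [("deny", LAN, ANY)]
# Crypto list: "permit" means encrypt toward the peer.
SPLIT_CRYPTO = [("permit", LAN, HQ_LAN)]
FULL_CRYPTO = [("permit", LAN, ANY)]

def demo():
    """Egress decision for a LAN host under each list combination."""
    host, web, hq = "192.168.10.5", "203.0.113.80", "10.0.0.9"
    return {
        "split lists, to HQ": egress_path(SPLIT_NAT, SPLIT_CRYPTO, host, hq),
        "split lists, to internet": egress_path(SPLIT_NAT, SPLIT_CRYPTO, host, web),
        # PAT changes the source first, so the crypto list no longer matches.
        "split NAT + full crypto, to internet": egress_path(SPLIT_NAT, FULL_CRYPTO, host, web),
        "no local NAT + full crypto, to internet": egress_path(FULL_NAT, FULL_CRYPTO, host, web),
        "no local NAT + split crypto, to internet": egress_path(FULL_NAT, SPLIT_CRYPTO, host, web),
    }

if __name__ == "__main__":
    for case, path in demo().items():
        print(f"{case:45s} -> {path}")
```

In the full-tunnel case the HQ device has to translate 192.168.10.0/24 for internet access; that side is not modeled here.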