VPN with NAT problems

samiraa02
Level 1

Please find attached configs.

Unable to establish a site-to-site VPN, having trouble.

Does anyone know how to solve this issue?

1 Reply

Hi samiraa02,

You need to modify the ACL that is used for PAT: in it you have to deny traffic from the local subnet to the VPN remote subnet and permit all the remaining traffic.

According to the current configuration, all traffic from the local LAN subnet gets PATed to the WAN IP address and forwarded to the ISP, instead of the specific traffic going through the VPN.


The following changes are required on the ASRouter_Albany router:

no access-list 1
!
access-list 100 deny ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
!
no ip nat inside source list 1 interface Dialer0 overload
!
ip nat inside source list 100 interface Dialer0 overload
!

The following changes are required on the ASRouter_Acacia router:

no ip access-list standard NAT-PERMIT
!
ip access-list extended NAT-PERMIT
deny ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 any
!
ip nat inside source list NAT-PERMIT interface Dialer0 overload
!

If this is helpful please give a thumbs up. :-)

Spooster IT Services Team
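
The NAT-exemption logic from the reply above, as an added example that is not part of the original thread: a first-match evaluator for the wildcard-mask entries, showing that site-to-site traffic skips PAT so it can go through the VPN while all other traffic is translated. The host addresses and the NO_EXEMPTION ACL are constructed for illustration, and only `ip` entries with `any` or address/wildcard pairs are handled.

```python
import ipaddress

def _match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take_addr(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    return (first, tokens.pop(0))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines; a numbered-ACL prefix is dropped."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[0] == "access-list":
            tokens = tokens[2:]
        if tokens[1] != "ip":
            raise ValueError("only 'ip' entries are handled: " + line)
        rest = tokens[2:]
        rules.append((tokens[0], _take_addr(rest), _take_addr(rest)))
    return rules

def is_translated(rules, src, dst):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for action, (sb, sw), (db, dw) in rules:
        if _match(src, sb, sw) and _match(dst, db, dw):
            return action == "permit"
    return False

# ACL 100 as given in the reply for ASRouter_Albany.
ALBANY_FIXED = """
access-list 100 deny ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
"""
# Constructed PAT ACL without the exemption (access-list 1 is not shown on the page).
NO_EXEMPTION = "access-list 100 permit ip 192.168.16.0 0.0.0.255 any"
# NAT-PERMIT entries as given in the reply for ASRouter_Acacia.
ACACIA_FIXED = """
deny ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 any
"""
if __name__ == "__main__":
    for dst in ("192.168.15.20", "203.0.113.5"):  # constructed destination hosts
        print(dst, is_translated(parse_acl(ALBANY_FIXED), "192.168.16.10", dst))
```

Entry order matters: with the two ACL 100 lines swapped, the permit would match first and the VPN-bound traffic would be translated again.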