Cisco IOS - Traffic from VPN Clients to a nat interface

Discussion in 'Cisco' started by teodor, Aug 20, 2009.

  1. teodor


    Aug 19, 2009
    Cisco 3620 series router. IOS version: IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(9), RELEASE SOFTWARE (fc2)

    Network status:
    ethernet 0/0 - WAN interface with crypto map applied on it for VPN clients
    ethernet 0/1 - LAN_1 interface
    ethernet 0/2 - LAN_2 interface (all packets that reach this LAN must be NATted behind the IP of the 0/2 interface)

    So far: VPN clients connect and have access to LAN_1.
    From LAN_1 I have access to LAN_2 with NAT rules.

    Issue: VPN clients do not have access to LAN_2.

    Result of sh run with important data:

    aaa new-model
    aaa authentication login vpnclient local
    aaa authorization network localgroups local
    aaa session-id common
    ip subnet-zero
    ip cef
    no ip domain lookup
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp keepalive 20 3
    crypto isakmp client configuration group <>
     key <>
     dns <> <>
     domain <>
     pool adminpool
     acl 101
    crypto ipsec transform-set clienttransform esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10
     set transform-set clienttransform
    interface Ethernet0/0
     ip address <>
     ip access-group 155 in
     crypto map mymap
    interface Ethernet0/1
     ip address
    interface Ethernet0/2
     ip address <>
     ip nat outside
     no cdp enable
    ip local pool adminpool
    ip nat inside source list 110 interface Ethernet0/2 overload
    no ip http server
    no ip http secure-server
    ip classless
    ip route <gw for ethernet 0/0>
    access-list 101 permit ip <vpn class> <LAN_1 class>
    access-list 101 permit ip <vpn class> <LAN_2 class>
    access-list 110 permit ip <LAN_1 class> <LAN_2 class>
    access-list 110 permit ip <vpn class> <LAN_2 class>

    Any ideas on how to make VPN clients have access to LAN_2? Their packets need to be NATted on interface 0/2.
    teodor, Aug 20, 2009
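
An added example, not part of the original post: a Python check that reads an IOS configuration, reports each interface's NAT role, and flags a crypto-map interface that is not marked `ip nat inside`, because legacy IOS NAT applies an `ip nat inside source` rule only to traffic that enters an inside-marked interface and leaves an outside-marked one. The sample configuration and its addresses are constructed, and the check assumes decrypted VPN client packets are treated as arriving on the crypto-map interface.

```python
import re

# Constructed sample modelled on the interface layout in the post above.
# Addresses are documentation/private placeholders, not values from the post.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map mymap
interface Ethernet0/1
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
interface Ethernet0/2
 ip address 10.2.0.1 255.255.255.0
 ip nat outside
ip nat inside source list 110 interface Ethernet0/2 overload
"""

def parse_interfaces(config):
    """Map interface name -> NAT role and crypto map. Matching whole lines
    (not indentation) also copes with configs pasted flat, as in the post."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), {"nat": None, "crypto_map": None})
        elif current is not None:
            nat = re.fullmatch(r"ip nat (inside|outside)", line)
            cmap = re.fullmatch(r"crypto map (\S+)", line)
            if nat:
                current["nat"] = nat.group(1)
            elif cmap:
                current["crypto_map"] = cmap.group(1)
    return interfaces

def audit(config):
    """Return findings for each 'ip nat inside source list ... interface' rule."""
    ifs, findings = parse_interfaces(config), []
    rules = re.findall(r"^\s*ip nat inside source list (\S+) interface (\S+)", config, re.M)
    for acl, out_if in rules:
        if ifs.get(out_if, {}).get("nat") != "outside":
            findings.append(f"{out_if}: used by NAT list {acl} but not 'ip nat outside'")
        for name, info in ifs.items():
            # Assumption: decrypted client packets count as arriving on this interface.
            if info["crypto_map"] and info["nat"] != "inside":
                findings.append(f"{name}: crypto map {info['crypto_map']} but not "
                                f"'ip nat inside'; list {acl} cannot translate VPN traffic")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```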