mojorisin44
IS-IT--Management
I have a DSL set up at our main site and another set up at a remote site. I have Cisco 1811 routers at both sites. I have the DSL Bridged and can reach the routers remotely. I have set up a VPN for the Site to Site and also the Easy VPN Server so that clients can connect. I can connect to the VPN from a client and through the site to site, but I cannot access the internal headquarters LAN from the VPN Client nor from the remote site that sits behind the other 1811 router.
I have been led to believe that the problem is with the NAT setting, but everything I've tried thus far has not worked. The instructions I have are as follows:
*10.0.P.0 is the internal LAN at headquarters.
*11.0.P.0 is the pool of addresses for the VPN clients and remote site.
*Fa0/1 is the interface connected to the outside world.
Configure PAT
a. Define addresses to be translated by creating an extended access list.
RouterP(config)# access-list 150 permit ip 10.0.P.0 0.0.0.255 any
1. What is the purpose of this access list?
__________________________________________________________________________
Answer: This access list defines the range of IP addresses that will be translated when PAT, or overloaded NAT, is configured.
b. Verify the access list created.
RouterP# show access-list
c. Now connect the access list to a NAT statement.
RouterP(config)#ip nat inside source list 150 interface fastEthernet0/1 overload
d. Configure the router interface which is connected to the inside network and which interface is connected to the outside.
RouterP(config)#interface fastEthernet0/0
RouterP(config-if)#ip nat inside
RouterP(config)#interface fastEthernet0/1
RouterP(config-if)#ip nat outside
THEN
a. Define the inside addresses to be translated while excluding the VPN traffic from translation.
First, clear the access list.
RouterP(config)# no access-list 150
RouterP(config)# access-list 150 deny ip 10.0.P.0 0.0.0.255 11.0.P.0 0.0.0.255 log
Note: Notice that the local 10.0.P.0 network is defined as the source and the 11.0.P.0 remote address pool is the destination.
RouterP(config)# access-list 150 permit ip 10.0.P.0 0.0.0.255 any
That's what I have. If it helps I'll copy a config. Any ideas?