zizoudevinci
IS-IT--Management
hi everybody
i have configured my router to nat overload trafic to access internet and static nat for my vpn tunnel because the vpn is created by an ASA dehind the router
the problem is i cannot ping the other side of the link and even my owne interface.
but as soon as i remove this line
ip nat inside source static 172.16.2.1 172.16.1.1 route-map MAP-NAT-1
everything goes well
i cannot remove it since it is necessary and i cannot ping
can sommebody help me to find a solution
here is the configuration
-------------------------------------------------------
interface FastEthernet0/0
ip address 172.16.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Serial1/0
ip address 172.16.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
no fair-queue
serial restart-delay 0
ip route 192.168.10.0 255.255.255.0 172.16.2.1
ip route 0.0.0.0 0.0.0.0 Serial1/1
ip nat inside source list ACL-NAT interface Serial1/1 overload
ip nat inside source static 172.16.2.1 172.16.1.1 route-map MAP-NAT-1
ip access-list standard ACL-NAT
permit 192.168.10.0 0.0.0.255
!
ip access-list extended ACL-NAT-1
permit esp host 172.16.2.1 host 172.16.1.2
permit udp host 172.16.2.1 host 172.16.1.2 eq isakmp
permit udp host 172.16.2.1 host 172.16.1.2 eq non500-isakmp
route-map MAP-NAT-1 permit 10
match ip address ACL-NAT-1
------------------------------------------------------------
i need the ping to performe some sla tracking and see if my link ok
thanks for all
i have configured my router to nat overload trafic to access internet and static nat for my vpn tunnel because the vpn is created by an ASA dehind the router
the problem is i cannot ping the other side of the link and even my owne interface.
but as soon as i remove this line
ip nat inside source static 172.16.2.1 172.16.1.1 route-map MAP-NAT-1
everything goes well
i cannot remove it since it is necessary and i cannot ping
can sommebody help me to find a solution
here is the configuration
-------------------------------------------------------
interface FastEthernet0/0
ip address 172.16.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Serial1/0
ip address 172.16.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
no fair-queue
serial restart-delay 0
ip route 192.168.10.0 255.255.255.0 172.16.2.1
ip route 0.0.0.0 0.0.0.0 Serial1/1
ip nat inside source list ACL-NAT interface Serial1/1 overload
ip nat inside source static 172.16.2.1 172.16.1.1 route-map MAP-NAT-1
ip access-list standard ACL-NAT
permit 192.168.10.0 0.0.0.255
!
ip access-list extended ACL-NAT-1
permit esp host 172.16.2.1 host 172.16.1.2
permit udp host 172.16.2.1 host 172.16.1.2 eq isakmp
permit udp host 172.16.2.1 host 172.16.1.2 eq non500-isakmp
route-map MAP-NAT-1 permit 10
match ip address ACL-NAT-1
------------------------------------------------------------
i need the ping to performe some sla tracking and see if my link ok
thanks for all