Solved

Cisco router IP nat rule entry - configuration failed!

Posted on 2014-09-03
Last Modified: 2014-09-03
I have a Cisco router which is currently sending all traffic down a VPN connection. We need to remove this and allow internet locally (in fact I have ten sites with a Cisco at each to do this at). On one of the routers, if I add the following NAT statement

ip nat inside source list 1 interface Dialer1

I get "Configuration Failed!" - although it appears to have applied.

I can only get to the internet locally on the server at this site; the client PCs cannot.  All of the clients and server are connected to the same switch.  It's not a DNS issue as they cannot even ping. The server however can get to everything as per the other sites.

If I remove the NAT rule and allow the clients to connect back to the VPN for internet they start working again.

I have successfully added the NAT rule to the other devices today and they have all worked fine, apart from this one.

I have compared configs and there are no ACLs that are any different.

I disabled the AV on the clients but it made no difference either.

I set one of the clients with a static IP and it also made no difference, then after about 10 mins it started working.  I switched it back to DHCP and it started failing again.  I switched it back to static and nothing.

The only difference from the other devices is the "Configuration Failed!" statement.

Flat out of ideas....
Question by:DLeaver
Accepted Solution

by:
Jan Springer earned 2000 total points
ID: 40301468
The first thing that you need to do is modify the VPN access list to make only the traffic that should be encrypted "interesting" -- which would be the internal networks of the remote end.

Second, you should be NAT excluding your VPN traffic.

Third, you should have NAT configured on the inside interface.

Fourth, you should specify NAT globally outside.

You don't have a configuration or the version that you are running so I cannot provide snippets.
Author Comment

by:DLeaver
ID: 40301521
As soon as I posted it hit me, the ACL 101 for the VPN traffic is still listed with the destination of "any"

I can get on there shortly so I will put it to the test.
Author Closing Comment

by:DLeaver
ID: 40301551
Thank you - all working now

The extended ACL was the issue - removed and added the IP nat rule and now all the clients are working
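
The four steps from the accepted answer, written out as IOS configuration. This is an added example, not configuration from the poster's router or from either participant: ACL 101 and Dialer1 are the names used in the thread, while the subnets, the inside interface Vlan1 and ACL number 110 are constructed assumptions.

```cisco
! Constructed addressing (assumptions):
!   local LAN            192.168.10.0/24
!   remote VPN networks  10.20.0.0/16
!
! Before: the crypto ACL matches every destination, so all client
! traffic is "interesting" and is sent down the tunnel.
!   access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
! 1. Crypto ACL: only traffic to the remote internal networks is encrypted.
no access-list 101
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
!
! 2. NAT ACL: exclude the VPN traffic first, then translate everything else.
!    An extended ACL is used here because the exclusion matches on destination.
access-list 110 deny   ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
!
! 3. Mark the LAN-facing interface as NAT inside.
interface Vlan1
 ip nat inside
!
! 4. Mark the Internet-facing interface as NAT outside.
interface Dialer1
 ip nat outside
!
! Translate LAN sources to the Dialer1 address; overload lets all
! clients share that one address.
ip nat inside source list 110 interface Dialer1 overload
!
! Checks after applying (exec mode):
!   show access-lists 101       - the crypto ACL no longer has an "any" destination
!   show ip nat translations    - client Internet flows appear as translations
!   show crypto ipsec sa        - tunnel counters rise only for traffic to 10.20.0.0/16
```

Keeping the deny line in ACL 110 aligned with the permit line in ACL 101 is what stops site-to-site traffic from being translated before it reaches the tunnel.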