Cisco router IP nat rule entry - configuration failed!

I have a Cisco router which is currently sending all traffic down a VPN connection. We need to remove this and allow internet locally (in fact I have ten sites with a Cisco at each to do this at). On one of the routers, if I add the following NAT statement:

ip nat inside source list 1 interface Dialer1

I get "Configuration Failed!" - although it appears to have applied.

I can only get to the internet locally on the server at this site; the client PCs cannot. All of the clients and server are connected to the same switch. It's not a DNS issue as they cannot even ping. The server, however, can get to everything as per the other sites.

If I remove the NAT rule and allow the clients to connect back to the VPN for internet they start working again.

I have successfully added the NAT rule to the other devices today and they have all worked fine, apart from this one.

I have compared configs and there are no ACLs that are any different.

I disabled the AV on the clients but it made no difference either.

I set one of the clients with a static IP and it also made no difference, then after about 10 mins it started working.  I switched it back to DHCP and it started failing again.  I switched it back to static and nothing.

The only difference from the other devices is the "Configuration Failed!" statement.

Flat out of ideas....
DLeaver Asked:
Jan Springer Commented:
The first thing that you need to do is modify the VPN access list to make only the traffic that should be encrypted "interesting" -- which would be the internal networks of the remote end.

Second, you should be NAT excluding your VPN traffic.

Third, you should have NAT configured on the inside interface.

Fourth, you should specify NAT globally outside.

You don't have a configuration or the version that you are running so I cannot provide snippets.
0

DLeaver Author Commented:
As soon as I posted it hit me, the ACL 101 for the VPN traffic is still listed with the destination of "any"

I can get on there shortly so I will put it to the test.
0
DLeaver Author Commented:
Thank you - all working now

The extended ACL was the issue - removed and added the IP nat rule and now all the clients are working
0
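
An added example, not part of the original thread: a small Python check for the four points in Jan Springer's answer, run over constructed IOS config text, so the same test can be repeated on each site's saved config. ACL 101, list 1 and Dialer1 come from the thread; the Vlan1 interface, the crypto map name, ACL 110 and all addresses are assumptions, and only numbered ACLs in the 1-199 range are parsed.

```python
import re

# Constructed sample configs. ACL 101, list 1 and Dialer1 follow the thread;
# Vlan1, the map name VPN, ACL 110 and every address are assumptions.
BASE = """interface Vlan1
 ip nat inside
interface Dialer1
 ip nat outside
 crypto map VPN
crypto map VPN 10 ipsec-isakmp
 match address 101
access-list 1 permit 192.168.10.0 0.0.0.255
"""
BEFORE = BASE + """access-list 101 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list 1 interface Dialer1
"""
AFTER = BASE + """access-list 101 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list 110 interface Dialer1
"""

def parse_acls(cfg):
    """Return {acl number: [(action, src, dst)]}; dst is None for standard ACLs."""
    acls = {}
    for m in re.finditer(r"^access-list (\d+) (permit|deny) (.+)$", cfg, re.M):
        num, action, rest = m.groups()
        rest = rest.partition(" ")[2] if int(num) >= 100 else rest  # drop protocol
        specs = re.findall(r"\bany\b|host \S+|\S+ \S+", rest) + [None, None]
        acls.setdefault(num, []).append((action, specs[0], specs[1]))
    return acls

def audit(cfg):
    """Return a list of findings; an empty list means all four points hold."""
    acls, findings, tunnel = parse_acls(cfg), [], set()
    for num in re.findall(r"^[ \t]+match address (\d+)", cfg, re.M):
        for action, src, dst in acls.get(num, []):
            if action == "permit" and dst == "any":
                findings.append(f"crypto ACL {num}: destination 'any' makes all traffic interesting")
            elif action == "permit":
                tunnel.add((src, dst))  # traffic to encrypt, so it must not be NATed
    for num in re.findall(r"^ip nat inside source list (\d+) ", cfg, re.M):
        denied = {(s, d) for a, s, d in acls.get(num, []) if a == "deny"}
        for src, dst in sorted(tunnel - denied):
            findings.append(f"NAT ACL {num}: VPN traffic {src} -> {dst} is not excluded")
    for side in ("inside", "outside"):
        if not re.search(rf"^[ \t]+ip nat {side}[ \t]*$", cfg, re.M):
            findings.append(f"no interface is marked 'ip nat {side}'")
    return findings
```

Calling `audit(BEFORE)` reports the crypto ACL with destination `any`, while `audit(AFTER)` returns an empty list.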
Question has a verified solution.
