Tunneled VIA traffic Src NAT

Hi Guys,

I've been struggling for a few days now to work out why my client traffic is being src-natted back into the corporate network, so I'm hoping that someone on here might be able to help me find something I've missed.

I'm using an ESI rule applied to the user role.

My clients get an IP address from a VPN pool in the same subnet as VLAN 255, and I want to route the traffic going to their internal corporate IPs through a router connected on VLAN 125.

interface vlan 255
        ip address 192.168.6.1 255.255.255.0
        operstate up
!

interface vlan 125
        ip address 10.100.100.12 255.255.255.0
!

ESI ACL:
!
user-role vpn-st-test
 vlan 255
 pool l2tp axim-via-pool
 via "axim-via"
 access-list session global-sacl
 access-list session apprf-vpn-st-test-sacl
 access-list session dns-acl
 access-list session dhcp-acl
 access-list session axim-st-route
 access-list session allowall
!

!
ip access-list session axim-st-route
  network 192.168.6.0 255.255.255.0   alias axim-sites any  redirect esi-group axim-esi-group direction  both log
!

!
esi server core
  trusted-ip-addr 10.100.100.11 health-check
  untrusted-ip-addr 10.100.100.11 health-check
  mode route
!

esi group axim-esi-group
  ping axim
  server core
!

 
