Campus Switching and Routing

Occasional Contributor I

Tunneled VIA traffic Src NAT

Hi Guys,


I've been struggling for a few days now to work out why my client traffic is being src-natted back into the corporate network so I'm hoping that someone on here might be able to help me find something I've missed.


I'm using an ESI rule applied to the user role


My clients get an IP address from a VPN pool in the same subnet as VLAN 255 and I want to route the traffic going to their internal corporate IP's through a router connected on VLAN 125.


interface vlan 255
        ip address
        operstate up

interface vlan 125
        ip address




user-role vpn-st-test
 vlan 255
 pool l2tp axim-via-pool
 via "axim-via"
 access-list session global-sacl
 access-list session apprf-vpn-st-test-sacl
 access-list session dns-acl
 access-list session dhcp-acl
 access-list session axim-st-route
 access-list session allowall

ip access-list session axim-st-route
  network   alias axim-sites any  redirect esi-group axim-esi-group direction  both log

esi server core
trusted-ip-addr health-check
untrusted-ip-addr health-check
mode route


esi group axim-esi-group
  ping axim
  server core


Search Airheads
Showing results for 
Search instead for 
Did you mean: