dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to Lea Massiot

Re: VPN between two Cisco 887VA devices

Several things I noticed on the router configurations

* You shouldn't need to put subnet mask on the crypto isakmp key command
* On the Router 2's NAT ACL, you need to replace the ACL 1 with extended ACL (i.e. ACL 100) to deny NAT to take place for traffic between 192.168.1.0/24 and 192.168.0.0/24; and to allow NAT to take place only for the Internet traffic (Split Tunnel issue). Otherwise both encrypted and clear-text traffic (VPN and the Internet traffic) will be NAT-ed
* I never like the idea of having interface as default gateway since it potentially creates unnecessary ARP broadcast which may slow down your connection. Why can't you just use IP address as default gateway?