dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

reply to Lea Massiot

Re: VPN between two Cisco 887VA devices

Several things I noticed on the router configurations

* You shouldn't need to put subnet mask on the crypto isakmp key command
* On the Router 2's NAT ACL, you need to replace the ACL 1 with extended ACL (i.e. ACL 100) to deny NAT to take place for traffic between and; and to allow NAT to take place only for the Internet traffic (Split Tunnel issue). Otherwise both encrypted and clear-text traffic (VPN and the Internet traffic) will be NAT-ed
* I never like the idea of having interface as default gateway since it potentially creates unnecessary ARP broadcast which may slow down your connection. Why can't you just use IP address as default gateway?