Hi all,

I have the below setup:

R1 - R2 - R3 - R4

R1 and R4 have loopback interfaces that need to communicate via IPSEC established between R1 and R4.
R2 and R3 have an EBGP relation.
The IPSEC is working fine.

When I configure a loopback interface on R2 and R3 and advertise it in BGP in order for the NAT to work, the NAT works but I lose the IPSEC connectivity.

R1

hostname R1
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 212.118.34.4
crypto ipsec transform-set SET esp-3des esp-sha-hmac
crypto map MAP 10 ipsec-isakmp
 set peer 212.118.34.4
 set transform-set SET
 match address VPN_ACL
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial1/0
 ip address 212.118.12.1 255.255.255.0
 ip nat outside
 encapsulation ppp
 serial restart-delay 0
 crypto map MAP
 no shut
ip nat pool NAT_POOL 212.118.1.1 212.118.1.6 prefix-length 29
ip nat inside source list NAT_ACL pool NAT_POOL
ip route 0.0.0.0 0.0.0.0 212.118.12.2
ip access-list extended NAT_ACL
 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN_ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255

R2

hostname R2
interface Loopback0
 ip address 212.118.2.2 255.255.255.255
interface Serial1/0
 ip address 212.118.12.2 255.255.255.0
 encapsulation ppp
 no shut
interface Serial1/1
 ip address 212.118.23.2 255.255.255.0
 encapsulation ppp
 no shut
router bgp 2
 bgp log-neighbor-changes
 network 212.118.12.0
 neighbor 212.118.23.3 remote-as 3
ip route 212.118.1.0 255.255.255.248 ser1/0

R3

hostname R3
interface Loopback0
 ip address 212.118.3.3 255.255.255.255
interface Serial1/0
 ip address 212.118.34.3 255.255.255.0
 encapsulation ppp
 no shut
interface Serial1/1
 ip address 212.118.23.3 255.255.255.0
 encapsulation ppp
 no shut
router bgp 3
 bgp log-neighbor-changes
 network 212.118.34.0
 neighbor 212.118.23.2 remote-as 2
ip route 212.118.4.0 255.255.255.248 Ser1/0

R4

hostname R4
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 212.118.12.1
crypto ipsec transform-set SET esp-3des esp-sha-hmac
crypto map MAP 10 ipsec-isakmp
 set peer 212.118.12.1
 set transform-set SET
 match address VPN_ACL
interface Loopback0
 ip address 192.168.4.4 255.255.255.0
 ip nat inside
interface Serial1/0
 ip address 212.118.34.4 255.255.255.0
 ip nat outside
 encapsulation ppp
 serial restart-delay 0
 crypto map MAP
 no shut
ip nat pool NAT_POOL 212.118.4.1 212.118.4.6 prefix-length 29
ip nat inside source list NAT_ACL pool NAT_POOL
ip route 0.0.0.0 0.0.0.0 212.118.34.3
ip access-list extended NAT_ACL
 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 any
ip access-list extended VPN_ACL
 permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255

What I configure on R2 and R3 is 212.118.2.2/32 and 212.118.3.3/32 respectively. What should I do in order for both IPSEC and NAT to work?

Thanks

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
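
How the NAT_ACL and VPN_ACL posted for R1 interact, as an added example that is not part of the original post: a small first-match evaluator for the two extended ACLs, applied in the order IOS uses for inside-to-outside traffic (NAT first, then the crypto map match). The function names and the single pool address used as the post-NAT source are assumptions made for illustration.

```python
import ipaddress

# ACL entries copied from the R1 configuration in the post.
NAT_ACL = [
    "deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255",
    "permit ip 192.168.1.0 0.0.0.255 any",
]
VPN_ACL = [
    "permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255",
]


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def _matches(ip, spec):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for entry in acl:
        tokens = entry.split()
        action, _proto = tokens.pop(0), tokens.pop(0)
        src_spec, dst_spec = _take_addr(tokens), _take_addr(tokens)
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action == "permit"
    return False


def classify(src, dst):
    """Return (translated, encrypted) for a packet leaving R1 via Serial1/0."""
    translated = acl_permits(NAT_ACL, src, dst)
    # Constructed stand-in for whichever NAT_POOL address the router would pick.
    post_nat_src = "212.118.1.1" if translated else src
    # The crypto map ACL is checked against the packet as it looks after NAT.
    encrypted = acl_permits(VPN_ACL, post_nat_src, dst)
    return translated, encrypted
```

Loopback-to-loopback traffic is exempted from NAT by the `deny` entry and therefore still matches VPN_ACL; once a source has been rewritten to a pool address, it no longer matches VPN_ACL and leaves unencrypted.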