Lab 10 - 3.1

For 3.1, I setup a tunnel interface between R4 and R5

Tunnel source on R4 is lo0 and destination is lo0 of R5 and vice versa

Provided an IP address for both ends ot the tunnel

setup the link as nat inside on both routers and the tunnel itnerface for nat outside

ip nat source static on both routers

an IP route point to the tunnel next hop ip address was added.

Things were working fine upto this point. Final state:

Created a crypto ipsec profile and specified the protection on the tunnel to use this profile.

The issue that I am running into is that the tunnel stops working when I do this. Am I missing something? Is this not doable? If so, why?


  • pharoh,


    i haven't had a chance to look into this lab yet, but if the problem is happening when you add the ipsec profile on the tunnel maybe it could related to the order of operations of NAT and encryption.

    NAT will occur before encryption, so you may need to adjust your nat config in order to support the new addresses



Sign In or Register to comment.