FTP NAT over vpn issue

I have an 1841 that I am running a L2L tunnel on. I have an address NAT to an inside address. The nat works fine. The issue is when I try to ftp to the NAT address it is really clunky. It's slow and sometimes times out.

Reply to
vidmine
Loading thread data ...

Post show version and show run

Reply to
Merv

sh ver Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version

12.4(12), RELEASE SOFTWARE (fc1) Technical Support:
formatting link
(c) 1986-2006 by Cisco Systems, Inc. Compiled Fri 17-Nov-06 10:44 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)

DMZ_VPN uptime is 1 week, 5 days, 19 hours, 24 minutes System returned to ROM by reload at 18:33:27 UTC Wed Aug 15 2007 System image file is "flash:c1841-advipservicesk9-mz.124-12.bin"

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at: --More--  

formatting link
If you require further assistance please contact us by sending email to snipped-for-privacy@cisco.com.

Cisco 1841 (revision 6.0) with 233472K/28672K bytes of memory. Processor board ID

6 FastEthernet interfaces 2 Virtual Private Network (VPN) Modules DRAM configuration is 64 bits wide with parity disabled. 191K bytes of NVRAM. 62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

! policy-map global_policy ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp policy 5 encr 3des hash md5 authentication pre-share group 2 !

! ! ! interface Loopback0 ip address 192.168.255.1 255.255.255.0 ! interface Loopback2 ip address 1.1.1.1 255.255.255.255 ip nat inside ip virtual-reassembly ! interface FastEthernet0/0 ip address 10.0.6.253 255.255.255.0 no ip redirects ip nat outside ip virtual-reassembly no ip route-cache ip policy route-map hurricane duplex auto speed auto crypto map clientmap ! interface FastEthernet0/1 no ip route-cache shutdown duplex auto speed auto ! nterface FastEthernet0/0/0 ! interface FastEthernet0/0/1 ! interface FastEthernet0/0/2 ! interface FastEthernet0/0/3 ! interface Vlan1 no ip address ! ip local pool ippool 10.0.8.1 10.0.8.254 ip local pool vpnpool 10.0.7.1 10.0.7.20 ip route 0.0.0.0 0.0.0.0 10.0.6.254 ! ! no ip http server no ip http secure-server ip nat inside source static 10.0.0.99 69.236.26.99 ! ! access-list 101 permit ip 192.168.255.0 0.0.0.255 192.168.120.0

0=2E0.0.255 access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.120.0 0=2E0.0.255 access-list 101 permit ip 192.192.192.0 0.0.0.255 192.168.120.0 0=2E0.0.255 access-list 101 permit ip 172.16.0.0 0.0.255.255 192.168.120.0 0=2E0.0.255 access-list 102 permit ip 10.0.0.0 0.255.255.255 192.168.121.0 0=2E0.0.255 access-list 102 permit ip 192.192.192.0 0.0.0.255 192.168.121.0 0=2E0.0.255 access-list 102 permit ip 172.16.0.0 0.0.255.255 192.168.121.0 0=2E0.0.255 access-list 102 permit ip host 69.236.26.99 192.168.121.0 0.0.0.255 access-list 190 permit ip 0.0.0.0 0.0.0.255 host 192.192.192.80 log access-list 190 permit ip host 192.192.192.80 0.0.0.0 0.0.0.255 log access-list 190 permit ip any any log ! route-map vpnpool permit 10 match ip address 102 set interface Loopback2 ! route-map hurricane permit 10 match ip address 102 set interface Loopback2
Reply to
vidmine

IOS version 12.4(12) has been yanked by Cisco.

Cisoc CCO says replacement is 12.4(12a), I would go with 12.4(12c) to see if problem still occurs

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.