I am trying to set up a Hub->spoke VPN configuration, where all of my branch locations route all traffic through an IPSEC tunnel to a central router, which then routes to the internet (or other branches).
I have no issue getting the IPSEC tunnels set up. My issue is when one of my branch offices wants to access the internet, I can't figure out why NAT isn't working from the central router:
I'd post both configs here, but currently I've got them back to running normally with individual NAT at each router to the internet.
Normally this would be the ideal config, except we're wanting to monitor internet use from a central device, and to do that efficiently we'd like to push all branch office traffic to the central office, where it will push authorized internet traffic out.
Obligatory ASCII diagram:
PC1(Branch office, 192.168.10.25)---Cisco1(192.168.10.1/24 and 12.178.243.A/29)---IPSEC TUNNEL---Cisco2(12.191.90.B/27 and 192.168.1.220/24)
Cisco2's default gateway is 12.191.90.X, where X is the router in that subnet. If I make it 192.168.1.14 (my LAN gateway), IPSEC breaks.
Any help?