Routing Loops

My configuration is as follows. I am using an 851 as an internet router which does NAT and gives out DHCP to devices uplinked to it. I have a PC which uplinks to this device and is able to surf the internet with no problem. The second router in this picture is an 871 which uplinks behind the 851 in order to receive DHCP and be able to gain internet access. This router is configured to establish a VPN tunnel back to a concentrator. This part of the solution works with no problems. What we are trying to achieve is to tunnel certain traffic to the internal interface of the 871, which would then send it over the VPN tunnel, thus sending the traffic back to its destined location. I am using a static route to do this, but the problem I am having is a routing loop: when I try to ping the IP of the destination, all it does is bounce back and forth from one interface to the other.

I am using the ip route as follows:

ip route 10.x.x.x 255.255.255.0 172.16.27.1

172.16.27.1 is Vlan1's internal IP on which the VPN tunnel is formed. I would think this would work, but it is not making it to the interface. Any suggestions would be great.

851 config below

!
hostname inet_rtr
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$EZqR$0ZYqlt1uKiB6KCnfNV8kd/
!
no aaa new-model
!
resource policy
!
no ip dhcp use vrf connected
!
ip dhcp pool TEST
   network 172.16.1.0 255.255.255.0
   default-router 172.16.1.1
   dns-server 65.32.1.65 65.32.1.70
   lease 0 2
!
!
ip cef
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address XX.XX.XX.XX 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no autostate
!
ip route 0.0.0.0 0.0.0.0 67.79.177.193
ip route 10.1.1.0 255.255.255.0 172.16.27.1
!
no ip http server
no ip http secure-server
ip nat service fullrange udp port 500
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 172.16.1.0 0.0.0.255
!

871 config

hostname vpn_rtr
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
crypto ipsec client ezvpn XXXX
 connect auto
 group XXXX key XXXXXXXXXXXXXXXXX
 mode client
 peer xx.xxx.xx.xxx
 username test871 password xxxxxxxxxxxxxxxxx
 xauth userid mode local
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp
 duplex auto
 speed auto
 crypto ipsec client ezvpn XXXX
!
interface Vlan1
 ip address 172.16.27.1 255.255.255.0
 no autostate
 crypto ipsec client ezvpn XXXX inside
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!

joel.davila
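
Added example, not part of the original post: a small Python audit that checks whether each static route's next hop in the 851 config sits on a directly connected subnet, and if not, which other route covers it. The function names are hypothetical, the outside address and gateway are constructed 203.0.113.0/29 placeholders because the post masks the real interface address, and the longest-match recursion is a simplified model, not IOS's own route-install logic.

```python
import ipaddress
import re

# Constructed sample: the 851's addressing and routes from the post. The masked
# outside address and its gateway are replaced by 203.0.113.0/29 placeholders.
CONFIG_851 = """\
interface FastEthernet4
 ip address 203.0.113.2 255.255.255.248
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.1.1.0 255.255.255.0 172.16.27.1
"""

def parse(config):
    """Return ({connected network: interface}, [(prefix, next hop)])."""
    connected, static, iface = {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"\s+ip address (\d\S+) (\d\S+)", line):
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            connected[net] = iface
        elif m := re.match(r"ip route (\S+) (\S+) (\d\S+)", line):
            prefix = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            static.append((prefix, ipaddress.ip_address(m.group(3))))
    return connected, static

def resolve(hop, connected, static, depth=0):
    """Follow a next hop until it lands on a connected subnet (simplified model)."""
    for net, iface in connected.items():
        if hop in net:
            return [f"connected {net} on {iface}"]
    covering = [(n, h) for n, h in static if hop in n]
    if not covering or depth > 8:  # depth guard stops self-referencing routes
        return ["unresolved"]
    net, via = max(covering, key=lambda r: r[0].prefixlen)
    return [f"static {net} via {via}"] + resolve(via, connected, static, depth + 1)

def audit(config):
    """Map each static prefix to the path its next hop resolves through."""
    connected, static = parse(config)
    return {str(p): resolve(h, connected, static) for p, h in static}

if __name__ == "__main__":
    for prefix, path in audit(CONFIG_851).items():
        print(prefix, "->", " -> ".join(path))
```

In this model the next hop 172.16.27.1 is on neither connected subnet of the 851, and the only route covering it is the default route toward the outside interface.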