Cisco Bug: CSCsg39216 - ezvpn tunnel traffic with acl keyword is not excluded from NAT

Last Modified

Feb 22, 2014

Products (1)

  • Cisco IOS

Known Affected Releases


Description (partial)


When the EZVPN client is configured with the "acl" keyword, the tunneled (VPN) traffic is also NATed.
This only happens if there is a NAT configuration that includes the interesting VPN traffic.

The tunneled traffic should bypass NAT when the VPN is up.


crypto ipsec client ezvpn hwclient
 connect auto
 group cisco key cisco123
 mode network-extension
 acl 103
access-list 103 permit ip


1) The EZVPN client is configured
2) Interesting tunnel traffic is defined using the "acl" keyword under the global EZVPN configuration
3) NAT is configured