1721 with 3 vpns and need to nat a port.

Apr 17th, 2007

Hi,


Here is my router configuration. With this 1721 we establish 3 VPNs and they work fine.


Now, we need to NAT TCP port 25 to a LAN server. If I NAT the port, users from the VPN delegations cannot do a "telnet lanserver 25".


Which is the best option/way to do this?


best regards



haroon.shaikh Tue, 04/17/2007 - 20:20

Can you tell me how your VPN works, as your config is incomplete?


Also, currently there are no NAT statements except this:


ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload


If you want to add a port forwarding you might need to configure this:


ip nat inside source static tcp <lan-server-ip> 25 interface dialer 0 25


This will allow you to forward your DSL port 25 to your internal lan server port 25.


data to DSL IP port 25 -> goes to internal lan server port 25


Also, your VPN clients don't need to access the DSL IP; they should be able to connect straight away to the LAN server.


If you have an access-list applied on your DSL interface, you might have to allow port 25 for this to work.


Also, in your config, I can't find any IP pool (maybe that is missing). You will also need to make sure you disable NAT between your internal LAN and VPN clients.


Also, if that still doesn't solve it, post the whole config.


* Please rate this post if it helps.

edgar-quintana Wed, 04/18/2007 - 01:23

Hi,


I know how to NAT a port; this is not my problem.


The problem is:


When I add a TCP port 25 NAT and save the changes made, there are 2 problems:

1. No NAT from the internet to the local server.

2. Remote users from the delegations must connect using these VPNs to the local server, and if I configure this NAT they cannot.


Best regards

haroon.shaikh Wed, 04/18/2007 - 12:05

Hey Mate,


First, I still can't understand what exactly you want to do. Can you post a detailed description of what you are trying to do?


Second, can you post the whole config? The one in the first post is incomplete.



edgar-quintana Wed, 04/18/2007 - 12:29

Hi,


My explanation is very clear...


This Cisco 1721 supports VPNs, OK? Users from small offices connect using these VPNs to servers which are on the LAN with this router, OK?


That works fine.


Then I need to NAT a port (SMTP, 25/tcp) on this router, but if I NAT this port, users from the small offices cannot connect to the server using that port. From the internet, if I do a "telnet ip 25" there is no response.


The first post has the visible information; the rest is confidential.

haroon.shaikh Wed, 04/18/2007 - 12:39

Well, from your explanation my best guess would be to check the following:


- Access-list on the outside interface. (You need to allow the port.)

- Access-list on the inside interface. (You also need to allow the reverse telnet port.)

- Split tunnel ACLs. (If you have configured them, check whether you allowed traffic between the VPN clients and the local LAN.)


From your explanation, if you configure port 25 translation and still can't connect from the internet, I think it's the first explanation.


Also, it is safe to post the config after removing the external IP and other password information. That will help other users look at your issue properly. But after all it's your choice...


But don't forget to rate the posts, as it encourages other users to post comments.
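
The checks raised in this thread (permit the port on the outside ACL, keep LAN-to-VPN traffic out of NAT) combined into one IOS configuration. This is an added example, not a configuration from any poster: every address, ACL 150 and the ACL name OUTSIDE_IN are constructed, a fixed public address is assumed, and only SDM_RMAP_1 and ATM0.1 are names quoted in the thread.

```cisco
! Added example. Constructed values (assumptions, not from the thread):
!   LAN 192.168.1.0/24, SMTP server 192.168.1.10,
!   remote office LAN 192.168.2.0/24 reached over the IPsec VPN,
!   fixed public address 203.0.113.10, ACL 150, ACL name OUTSIDE_IN.
! SDM_RMAP_1 and ATM0.1 are the names quoted in the thread.
!
! 1. NAT exemption: traffic from the LAN to the remote office is denied
!    here (left untranslated); all other LAN traffic may be translated.
access-list 150 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 150
!
! 2. Dynamic PAT for ordinary outbound traffic (the line quoted in the thread).
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
!
! 3. SMTP port forward. A plain static entry is matched before the dynamic
!    rule, so replies from 192.168.1.10:25 to a VPN user would be translated
!    and no longer match the crypto ACL. Attaching the same route-map keeps
!    the static translation from applying to VPN-bound traffic.
ip nat inside source static tcp 192.168.1.10 25 203.0.113.10 25 route-map SDM_RMAP_1 extendable
!
! 4. If an inbound ACL is applied on the outside interface, the SMTP permit
!    must sit ahead of that ACL's deny entries.
ip access-list extended OUTSIDE_IN
 permit tcp any host 203.0.113.10 eq smtp
!
! Verification from exec mode:
!   show ip nat translations   - an inbound SMTP session shows
!                                192.168.1.10:25 <-> 203.0.113.10:25;
!                                sessions from 192.168.2.0/24 show no entry
!   show crypto ipsec sa       - encaps/decaps counters rise on both sides
!                                while a remote office user connects to port 25
```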
