04-17-2007 12:19 PM - edited 03-09-2019 05:49 PM
Hi,
Here is my router configuration. With this 1721 we establish 3 VPNs and they work fine.
Now we need to NAT TCP port 25 to a LAN server. If I NAT the port, users from the VPN delegations cannot do a "telnet lanserver 25".
Which is the best option/way to do this?
best regards
04-17-2007 08:20 PM
Can you tell me how your VPN works? Your config is incomplete.
Also, currently there are no NAT statements except this:
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
If you want to add a port forwarding you might need to configure this:
ip nat inside source static tcp
This will allow you to forward your DSL port 25 to your internal lan server port 25.
data to DSL IP port 25 -> goes to internal lan server port 25
Also, your VPN clients don't need to access the DSL IP; they should be able to connect straight away to the LAN server.
If you have an access list applied on your DSL interface, you might have to allow port 25 for this to work.
Also, in your config, I can't find any IP pool (maybe that is missing). You will also need to make sure you disable NAT between your internal LAN and VPN clients.
Also, if that still doesn't solve it, post the whole config.
* Please rate this post if it helps.
04-18-2007 01:23 AM
Hi,
I know how to NAT a port; this is not my problem.
The problem is:
When I add a NAT for TCP port 25 and save the changes made, there are 2 problems:
1. No NAT from the internet to the local server
2. Remote users from the delegations must connect to the local server using these VPNs, and if I configure this NAT they cannot.
Best regards
04-18-2007 12:05 PM
Hey Mate,
First, I still can't understand what exactly you want to do. Can you post a detailed description of what you are trying to do?
Second, can you post the whole config? The one in the first post is incomplete.
04-18-2007 12:29 PM
Hi,
My explanation is very clear...
This Cisco 1721 supports VPNs, OK? Users from small offices connect through this VPN to servers that are on the LAN with this router, OK?
That works fine.
Then I need to NAT a port (SMTP, TCP 25) on this router, but if I NAT this port, users from the small offices cannot connect to the server using that port. From the internet, if I do a telnet ip 25, there is no response.
The first post has the visible information; the rest is confidential.
04-18-2007 12:39 PM
Well, from your explanation, my best guess would be to check the following:
- Access-list on the outside interface. (You need to allow the port.)
- Access-list on the inside interface. (You also need to allow the reverse telnet port.)
- Split tunnel ACLs. (If you have configured it, check if you allowed traffic between the VPN clients and local LAN.)
From your explanation, if you configure port 25 translation and still can't connect from the internet, I think it's the first explanation.
Also, it is safe to post the config after removing the external IP and other password information. That will help other users look at your issue properly. But after all, it's your choice...
But don't forget to rate the posts, as it encourages other users to post comments.
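Added example, not part of any post in this thread: a small Python audit for the interaction the replies point at, where a static port forward has no NAT exemption toward the VPN subnets. It assumes the usual IOS order of operations (inside-to-outside NAT is applied before the crypto map ACL is checked); the sample config, its addresses and the name `find_conflicts` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; addresses are illustrative, not taken from the thread.
SAMPLE_CONFIG = """\
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.10 25 interface ATM0.1 25
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 match address 100
"""

STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (.*)$")
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
CRYPTO_RE = re.compile(r"^\s*match address (\S+)$")  # crypto map form, not "match ip address"


def find_conflicts(config):
    """Return (proto, local_ip, port, remote_net) for every static port NAT
    entry without a route-map whose inside host is a source in a crypto ACL.
    Replies from that host and port to remote_net would be translated first
    and then no longer match the crypto ACL."""
    lines = config.splitlines()
    crypto_acls = {m.group(1) for l in lines if (m := CRYPTO_RE.match(l))}
    tunnels = []  # (local_net, remote_net) pairs protected by IPsec
    for l in lines:
        m = ACL_RE.match(l.strip())
        if m and m.group(1) in crypto_acls:
            # ipaddress accepts Cisco-style wildcard (host) masks directly
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            tunnels.append((src, dst))
    conflicts = []
    for l in lines:
        m = STATIC_RE.match(l.strip())
        # Entries that already carry a route-map are skipped: the route-map
        # is assumed to exclude the VPN destinations from translation.
        if not m or "route-map" in m.group(4).split():
            continue
        host = ipaddress.ip_address(m.group(2))
        for src, dst in tunnels:
            if host in src:
                conflicts.append((m.group(1), str(host), int(m.group(3)), str(dst)))
    return conflicts


if __name__ == "__main__":
    for proto, host, port, remote in find_conflicts(SAMPLE_CONFIG):
        print(f"{proto}/{port} on {host}: static NAT also applies toward VPN net {remote}")
```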