I have two sites, connected by a ipsec tunnel and everything works fine EXCEPT when I have a "ip nat inside source static" statement needed to access services from the public IP address.
ip address x.x.x.x 255.255.255.0
ip nat outside
crypto map outside_map
ip nat inside source static tcp 10.1.0.5 3389 interface FastEthernet0 3389
When my second site tries to RDP (port 3389) to 10.1.0.5 via the IPSEC tunnel, the RDP fails and I think it's because the "ip nat inside source static" kicks in and translates the packets which is not what I want when the packets are internal to the company.
How can I do a "ip nat inside source static" statement but not have it kick in for packets that are coming in via the IPSEC tunnel?