I use static NAT to expose some servers to the internet. I created an IPSec tunnel from a remote office to the central office, which worked, but the remote office could not connect to the servers that have static NAT mappings.
I added a route-map to the static mappings like this:
ip nat inside source static 192.168.12.9 220.127.116.11 route-map NATRouteMap
route-map NATRouteMap permit 1
match ip address 104
access-list 104 deny ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 104 permit ip 192.168.12.0 0.0.0.255 any
Everything seemed to work fine until e-mail started bouncing. Without the route-map on the ip nat, connections from 192.168.12.9 would have a source IP address of 18.104.22.168, exactly what the static mapping says. With the route-map, connections from 192.168.12.9 have a source IP address of 22.214.171.124, which is the external interface and pooled NAT IP address.
How can I have outbound static mapping and still access the server from the IPSec tunnel?
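
How ACL 104 selects the flows that the route-map lets the static mapping translate, as an added Python sketch that is not part of the original post. It models only first-match ACL evaluation with wildcard masks (the deny line's mask written as 0.0.0.255), not IOS NAT processing itself; the function names and the sample destination addresses are assumptions made up for illustration.

```python
import ipaddress

# ACL 104 from the post, with the deny line's wildcard mask written as 0.0.0.255
ACL_104 = """\
access-list 104 deny ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 104 permit ip 192.168.12.0 0.0.0.255 any
"""

def _ip(text):
    # Raises ValueError on a malformed address or mask (e.g. "0.0.0")
    return int(ipaddress.IPv4Address(text))

def _take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N {permit|deny} ip SRC DST' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        action, rest = tokens[2], tokens[4:]  # tokens[3] is the protocol
        src = _take_spec(rest)
        dst = _take_spec(rest)
        rules.append((action, src, dst))
    return rules

def _hit(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (_ip(addr) & care) == (base & care)

def acl_action(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

def static_nat_applies(rules, src, dst):
    # The route-map's single 'permit' clause matches only ACL-permitted flows
    return acl_action(rules, src, dst) == "permit"

RULES = parse_acl(ACL_104)
```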