I have a VPN connection set up on one interface of my router-firewall, and I have an input access list like the following for my IPsec VPN connection:
access-list 111 permit tcp host 172.19.49.110 host 172.27.80.100 eq 3700
access-list 111 permit tcp host 172.19.49.110 host 10.15.40.112 eq www
access-list 111 permit tcp host 172.19.49.110 host 10.15.40.112 eq 443
access-list 111 permit ip host 172.19.49.110 host 10.15.40.144
I am going to include NAT like:
ip nat inside source static tcp 192.168.100.9 25 220.127.116.11
on the same interface, and I am going to include on the same interface an input access list with port 22 and address 18.104.22.168, from where I could access the inside server.
So, I have a VPN on my interface and NAT through which I can reach the server located inside by using SSH.
I have read an article about NAT order, and I still could not design my input access list after IPsec. Do I have to include the IPsec list? And how, given that it is located before the NAT outside-to-inside (global-to-local) translation?