From my router conf:
crypto map CRYPTO 20 ipsec-isakmp
set peer 184.108.40.206
set transform-set TELCOM
set pfs group2
match address 102
access list consist of only one command:
access-list 102 permit ip host 220.127.116.11 18.104.22.168 0.0.0.63
Now what is a bit unusual is that this access list contains only public addresses instead of private addresses. 22.214.171.124 is the server public address located in my network. 126.96.36.199 0.0.0.63 is on my client side.
I could not find any info which is similar to my access list with public addresses on the internet. My client - telecom provider does not have any communication with me.
The problem is that I need to limit access to my server, and my intention is to allow only VPN access from my client site to my server, which is to be moved behind router-firewall).
So I have to nat my server public address:
ip nat inside source static 192.168.100.24 188.8.131.52
Therefore I have problem how to design acl list to do that:
Relating to NAT order I might have to put the following instructions in my outbound acl on the inside interface of the router:
access-list 123 permit ip host 184.108.40.206 host 192.168.100.24
access-list 123 deny ip any host 192.168.100.24
I have done that but it have caused VPN communication to stop. I do not know what I have done wrong?