I'm trying to configure a Cisco 857 ADSL router to do both NAT for internal clients and serve as a VPN concentrator for clients on the public internet.
I can get it to do either but not both.
I have tried to exclude UDP connections to port 500 from the NAT rules but it seems I don't have sufficient knowledge of Cisco to achieve this.
I have a dialer1 interface which shows OUTSIDE_IP2 as its assigned IP address when issuing a show interface dialer1.
I then have the following NAT rules:

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static INSIDE_IP1 OUTSIDE_IP1
ip nat inside source static INSIDE_IP2 OUTSIDE_IP2
ip nat inside source static INSIDE_IP3 OUTSIDE_IP3
ip nat inside source static INSIDE_IP4 OUTSIDE_IP4

SDM_RMAP_1 is defined as:

route-map SDM_RMAP_1 permit 1
 match ip address 100

while access-list 100 is:

access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any VPN_IP_BASE 0.0.0.255
access-list 100 permit ip any any

Any help on how to rewrite these NAT rules so they do exactly what they do now but allow a VPN to either OUTSIDE_IPx address (I think I can only use the one assigned to dialer1?) would be greatly appreciated.
Thanks a lot.