We have to configure a site-to-site VPN over internet. ( only for one host from each location ) on Cisco ISR and also access this host from internet.
We have configured access-list for crypto map as follows
access-list 111 permit ip source_host Dect_host.
For this particular host there is no corresponding NAT. As remaining all NAT are static for one host to host. ( for example 10.1.1.1 --> Public_ip1, 10.1.1.5 ---> Public_ip2).
Now as we have configured site-to-site IPSEC for one particular host it is working fine. It is communicating with other end of the tunnel and it is using the Public_IP address of "Outside"
interface of our router.
As next step, we need to access this particular host from internet and not only from VPN tunnel. Can it be done?
How can one more NAT be added for this host ( host--> Public_IP3), so that this host can be accessed from Public_IP3.
Can configuring NAT with access-list solve our problem?
Any example on cisco.com is highly appreciable.
Thanks in advance.