We are having problems accessing some static NATted IPs over a VPN. After doing some research, we learned you need to exclude traffic destined for the VPN from the static NAT using a route-map. So we did this:
10.1.1.x is the VPN IP pool.

access-list 130 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 130
ip nat inside source static 192.168.1.5 18.104.22.168 route-map nonat

The above worked to fix the VPN issue but the 192.168.1.5 IP is no longer available publicly via 22.214.171.124. What seems to happen is that the static NAT is not really working and this IP is being NATted with the PAT IP.
Any ideas on how to get this to work?
The following example details exactly your case:
Try replacing the 192.168.1.0 subnet by the host address.
It should work.
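
Added example, not from either post: a small Python evaluator for extended-ACL lines, showing which flows `route-map nonat` would match under the posted ACL 130 and under a host-address form of it. The host-form lines are an assumed rendering of the answer's suggestion, and the sample flows are constructed.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tok, pos):
    """Read one address spec; return ((base, wildcard), next token index)."""
    if tok[pos] == "any":
        return (0, 0xFFFFFFFF), pos + 1
    if tok[pos] == "host":
        return (_ip(tok[pos + 1]), 0), pos + 2
    return (_ip(tok[pos]), _ip(tok[pos + 1])), pos + 2

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, pos = _spec(tok, 4)
        dst, _ = _spec(tok, pos)
        rules.append((tok[2], src, dst))
    return rules

def _hit(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) & care) == (base & care)

def acl_permits(rules, src, dst):
    """First matching line wins; no match means the implicit deny."""
    for action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False

POSTED = parse_acl("""
access-list 130 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any
""")
# Assumed rendering of the answer's "host address" suggestion
HOST_FORM = parse_acl("""
access-list 130 deny ip host 192.168.1.5 10.1.1.0 0.0.0.255
access-list 130 permit ip host 192.168.1.5 any
""")
# Constructed flows: to a VPN client, to an internet host, from another inside host
FLOWS = [("192.168.1.5", "10.1.1.20"), ("192.168.1.5", "198.51.100.7"),
         ("192.168.1.20", "198.51.100.7")]

def compare():
    """Return (src, dst, matched by posted ACL, matched by host form) per flow."""
    return [(s, d, acl_permits(POSTED, s, d), acl_permits(HOST_FORM, s, d))
            for s, d in FLOWS]
```

Both forms treat traffic from 192.168.1.5 identically; they differ only for other hosts in 192.168.1.0/24, which the posted subnet ACL also matches.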