I have a Cisco 2921 router. I have a few IPsec site-to-site VPNs configured and a terminal server behind the 2921. The problem I am experiencing is that I also publish that terminal server to the internet. When I have a NAT set up to allow access from outside, users on my VPNs can no longer connect via RDP to that server. If I delete the NAT, then they can connect again. How can I set it up so both work?
Here is the NAT command I am using (replacing IPs with generic ones):
ip nat inside source static tcp 10.10.1.10 3389 220.127.116.11 3389
If I have that command active, I can RDP in from outside, but VPN users cannot (they would be in the 10.14.0.0 subnet). If I remove that command, my users behind the VPN can RDP fine, but obviously external users cannot.