on of our VPN-Locations has a local network 192.168.0.0 /24 and uses a Cisco router for connection to Internet and a GRE-IPSEC-Tunnel for the connection to an other network. There is a dynamic NAT configured on the router for the internet and for the connection to the other network.
Both dynamic NATs work fine for all PCs in the network.
Because of a notes-link we need a static NAT to one server in the network. This static NAT is also working fine through the VPN-Tunnel. But the dynamic NAT for this server into the internet is not working anymore. If I delete the static NAT the Server can work without any problems in the internet.
Can anybody help me with that problem?
ip nat pool provider1-space 126.96.36.199 188.8.131.52 prefix-length 29
ip nat pool provider2-space 10.33.33.5 10.33.33.6 prefix-length 30
ip nat inside source route-map MAP-provider1-space interface Serial0/0 overload
ip nat inside source route-map MAP-provider2-space pool provider2-space
ip nat inside source static 192.168.0.47 10.33.33.11
route-map MAP-provider1-space permit 10
match ip address 100
match interface Serial0/0
route-map MAP-provider2-space permit 10
match ip address 100
match interface Tunnel14
access-list 100 remark NAT
access-list 100 deny ip any host 184.108.40.206
access-list 100 deny ip any host 220.127.116.11
access-list 100 permit ip any any
If you need more informations please send me an email. All ip-addresses are changed.
if I use a third pool, is it possible to use this NAT in both directions like a static NAT? The pool with only one address will be a dynamic NAT? I'm not shure if I can reach the server from outside like befor with the static NAT.
I was thinking outloud.... I have made it work using an additional tunnel. So that the server and the PC's make use of the pool to the provider through seial interface, PCs to the vpn site using the tunnel1 interface and the server to the vpn site using the second tunnel interface.... but unsure of the exact addressing requirements and the direction of traffic etc..
Need more information to be able to match your requirements.....
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.