NAT, VPN traffic processing...

lwolowski
Level 1

Hi,

I have a LAN to LAN VPN. I also have an access-list that processes traffic on a port basis to internal servers. The problem I'm having is, if I add a server to the access-list allowing any port (we'll use port 80 for this example), then that server is unable to send traffic through the VPN tunnel.

Example:

ip nat inside source static --moderator edit-- 192.168.1.13 --moderator edit-- 10.1.1.13

access-list 117 permit tcp any host --moderator edit-- 10.1.1.13 eq www

access-list 117 deny ip any host --moderator edit-- 10.1.1.13

If I remove the deny statement, I can use the VPN tunnel from this server, but then all the ports are opened to this server from the internet, which I don't want.

Is there a way to keep both my NAT and access list enabled and utilize my VPN tunnel to the other LAN?

Thanks for the responses in advance.


m.singer
Level 4

access-list 117 permit tcp any host --moderator edit-- 10.1.1.13 eq www

access-list 117 deny ip any host --moderator edit-- 10.1.1.13

In the above access list the deny statement is not needed as the permit statement itself has the implicit deny.

And I think you have to check the NAT and IPSEC configuration. Check whether you have configured the natted IP address in the IPSEC configuration.
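As an added illustration (not part of either post), a Cisco IOS fragment showing the two places the NATed address matters for this setup. The remote LAN (192.168.2.0/24), the VPN peer (203.0.113.2), the crypto map and transform-set names, and ACL 117 being applied inbound on the outside interface are assumptions.

```cisco
! Added example. Remote LAN 192.168.2.0/24, peer 203.0.113.2, and the
! names VPNMAP/TS are assumed; ISAKMP policy and keying are omitted.
!
! 1. Static NAT as in the question: the server always leaves the router
!    as 10.1.1.13. IOS translates inside-to-outside traffic before it
!    classifies it for the crypto map, so the crypto ("interesting
!    traffic") ACL must match the translated address, not 192.168.1.13.
ip nat inside source static 192.168.1.13 10.1.1.13
!
access-list 110 permit ip host 10.1.1.13 192.168.2.0 0.0.0.255
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address 110
!
! 2. Inbound ACL on the outside interface. On IOS releases that re-check
!    decrypted packets against the inbound interface ACL (the symptom in
!    the question points to this), a "deny ip any host 10.1.1.13" that
!    precedes any tunnel permit also drops the remote LAN's traffic to
!    the server. Order the permits so that IKE/ESP from the peer and the
!    decrypted remote-LAN traffic match first, then the public service.
!    Everything else falls to the implicit deny, so no explicit deny line
!    is needed.
access-list 117 permit udp host 203.0.113.2 eq isakmp any eq isakmp
access-list 117 permit esp host 203.0.113.2 any
access-list 117 permit ip 192.168.2.0 0.0.0.255 host 10.1.1.13
access-list 117 permit tcp any host 10.1.1.13 eq www
!
interface FastEthernet0/0
 description outside (assumed interface name)
 ip nat outside
 ip access-group 117 in
 crypto map VPNMAP
```

Note that the remote side's crypto ACL must mirror ACL 110, i.e. reference 10.1.1.13 as the destination, or the proxy identities will not match during IPsec negotiation.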
