Hi,
I have a LAN to LAN VPN. I also have an access-list that processes traffic on a port basis to internal servers. The problem I'm having is, if I add a server to the access-list allowing any port (we'll use port 80 for this example), then that server is unable to send traffic through the VPN tunnel.
Example:
ip nat inside source static --moderator edit-- 192.168.1.13 --moderator edit-- 10.1.1.13
access-list 117 permit tcp any host --moderator edit-- 10.1.1.13 eq www
access-list 117 deny ip any host --moderator edit-- 10.1.1.13
If I remove the deny statement, I can use the VPN tunnel from this server, but then all the ports are opened to this server from the internet, which I don't want.
Is there a way to keep both my NAT and access-list enabled and still utilize my VPN tunnel to the other LAN?
Thanks for the responses in advance.