Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 837 VPN Client and Static


I have a router 837 for Internet Access and i have configure VPN access to centrale Office.

This configuration is working well.

Here is the configuration attach (the public IP address is not the real).

The problem :

I must give access to an internal printer directly from Internet.

I use this command :

ip nat inside source static

If i activate this command, i can print with no problem, but 5 mn later the VPN connection shut down.

If i disable the command :

no ip nat inside source static

The VPN is OK

Is it possible to have VPN and ip nat inside source static

Thanks for your help


Re: Cisco 837 VPN Client and Static

"ip nat inside source static"

with this static statement, all traffic including ipsec, will be natted and forwarded to

instead of configuring static nat, static pat should be used.


ip nat inside source static tcp 9100 9100

port 9100 is the default port for most printers. further, you may manipulate the port in order to achieve a slightly higher level of security.


ip nat inside source static tcp 9100 9200

with this static pat statement, user from internet needs to configure the printer with port 9200. in other words, it may prevent a certain level of port scanning from intruders since port 9200 is not a common port to be scanned.

CreatePlease login to create content