We have a customer with 2x 877 routers connected to the internet. These routers are configured with an IPSec tunnel (which works fine). The issue is that the inbound static NAT translations cause problems with the tunnel - port 25 is mapped to the Inside address of the mail server. The existing config works fine for inbound mail, but prevents users from accessing the mailserver directly (using the private IP) on port 25.
Here's the NAT Config:
ip nat pool INET_POOL <publicIP> <publicIP> netmask 255.255.255.252
ip nat inside source route-map INET_NAT pool INET_POOL overload
Re: NAT on IPSec tunnel between 2x IOS routers (877)
Hello, my name is Nelson and I have the same problem.
I have a customer with a VPN working just fine. He can access the remote PCs (3389 port) via VPN without any problem. Now, they ask us to open 3389 to a particular outside IP (from Internet). The question is that when I configure the static pat for 3389 port, the customer loses the access via VPN to 3389 port of remote PC because of the static nat.
ip nat inside source static tcp 184.108.40.206 3389 3389 extendable
How can I open the 3389 to the external IP (from the Internet) and keep the access to remote sites of the customer?
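Added example, not part of either post above: one common way to keep a static port translation from overriding the tunnel is to attach a route-map to the static entry so it is skipped for traffic headed to the remote VPN subnet. All addresses, the ACL number and the route-map name STATIC_NO_VPN are assumptions made up for illustration.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   local LAN            192.168.1.0/24, mail server 192.168.1.10
!   remote LAN (tunnel)  192.168.2.0/24
!   public address       203.0.113.2
!
! Before: unconditional static PAT. Replies from the server (source port 25)
! to the remote LAN are translated to the public address before the crypto
! ACL is evaluated, so they no longer match the tunnel and the session breaks.
!
! ip nat inside source static tcp 192.168.1.10 25 203.0.113.2 25 extendable
!
! After: the static entry is only used when the route-map permits the flow.
! Server-to-remote-LAN traffic is denied here, stays untranslated and is
! encrypted by the tunnel; everything else is translated as before.
access-list 150 deny   ip host 192.168.1.10 192.168.2.0 0.0.0.255
access-list 150 permit ip host 192.168.1.10 any
!
route-map STATIC_NO_VPN permit 10
 match ip address 150
!
ip nat inside source static tcp 192.168.1.10 25 203.0.113.2 25 route-map STATIC_NO_VPN extendable
```

The same pattern applies to the 3389 mapping in the second post. After the change, `show ip nat translations` should show no entry for flows between the server and the remote LAN, and the counters in `show crypto ipsec sa` should increase for that traffic.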