Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

redirecting incoming traffic to vpn connected networks


at the central site we have 1811 router with established few static vpn ipsec tunnels. At the remote sites we have 831 routers. Is there any way to redirect certain incoming traffic (based on tcp ports) from outside at the central place, directly to networks connected through vpn? All private network addresses are different and the incoming traffic is landing through static nat on the internal host at the central site. How can I redirect this traffic into some vpn tunnel?

Thank you for any reply.


Re: redirecting incoming traffic to vpn connected networks


Do correct me if i hvent understood ur post properly..

you need to redirect some traffic from the remote locations which is coming via the secured tunnels to some network which is also inturn connecting to the central locations via secured tunnels ?

is it ur requirement over here ?? or u have got something else in mind ??

if possible do post out a schematic diagram with ur requirments in place also if possible post out the sample configs of ur central and remote location without any sensitive infos in that..


New Member

Re: redirecting incoming traffic to vpn connected networks

Sorry for confusion, here is some additonal info:

1. Current scenario:

central site is receiving the traffic from Internet on external ip f.ex This traffic is static nat to internal host ; this traffic is using many specified tcp ports;

the central site has laso 5 fixed ipsec vpn tunnels with their networks f. ex.,, etc.

2. Requirements:

eliminating the need of the internal host, instead redirecting the traffic directly to networks,, etc. based on the tcp ports used. F.ex ports tcp range 2000 - 2010 redirect to,

ports tcp range 2000 - 2020 redirect to etc.

I hope that would clear well the question I asked.

In the current scenario there is no such problem because all the interested traffic is handled at the central site, because of changing the structure we need to find out the new solution.