Basically you normally bypass NAT for hte IPSec traffic, this is done using a route-map in your nat statement. However, when you have a static translation set up, that is not bypassed with your NAT route-map cause it's a separate command. For the statics, you still need to bypass NAT, and the way to do this is to create a loopback address with any address on it, and then policy route traffic for the static through this loopback interface. Because the traffic comes in on the "ip nat inside" interface, then through the loopback interface which has no nat configuration on it, then out the "ip nat outside" interface, NAT is actually bypassed and everything works.
It may seem confusing, but if you think through it logically it makes sense.
Re: VPN and internal adddress' with NAT translation
I just got done with the exact same problem, and the fix was not obscure, but brain rattling until we figured it out. I'm making the presumption that this is a vpn client pc connecting to the edge router? The attached config is just such a sample that doesn't exist on TAC. The main problem is that the vpn configs, while correct, doesn't say that any existing NAT statements for the inside to outside must be first removed _before_ using the sample config! There can be only _one_ NAT statement for inside addresses headed to the outside, and it is this part of the config that uses the nonat route map.
Take a look at this config, and let me know if you still have questions. My TAC engineer told me that this config might wind up as a new TAC-tested config, it works perfectly for any PC.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...