New Member

VPN - Exchange Prob

We have a Cisco 1750 router on which we have configured a VPN with our overseas office. We are able to get VPN connectivity with it. We have an MS-Exchange server installed in our intranet. The Exchange server site connector is configured for our overseas office's Exchange mail server. My Exchange database replication is happening via the VPN.

I want my intranet mail server to be accessible over the Internet so that my office employees are able to access their mail from their residences as well (i.e. over the Internet). If I configure NAT on my router to get a static IP (i.e. a valid IP) for my Exchange server, I don't get VPN connectivity with my Exchange server, and my Exchange database does not get updated with my overseas Exchange server.

Can you guide me on this?


Rajesh Rane

New Member

Re: VPN - Exchange Prob

Rajesh -

What kind of VPN are you using? I'll assume IPSEC.

Using what I understand of your problem (w/o NAT, the VPN works fine; w/NAT, the VPN breaks), the first thing I'd check on both sides is to see that your crypto-maps match the post-NATted address (NAT occurs before encryption on an egress interface).

debug crypto ipsec

debug crypto isakmp

are useful debug commands to see what the router is doing (or not doing, as the case may be)

Also consider the security of that host in general - if you're providing the Internet access to a host within your Intranet, if that host is compromised, it could be a jumping-off point for further attacks within your network. Any host that is visible to the Internet should at least be in a DMZ of some sort.

Chapman and Zwicky's "Building Internet Firewalls" book is a great reference for this kind of thing...

Hope this helps
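
The check suggested in the reply above, as an added example that is not part of the original post: a small Python model of the ordering the reply states (NAT first, then the crypto-map match on egress), showing why a crypto ACL written for the inside address stops matching once static NAT is added. All addresses and names are constructed, and the model is a simplification, not full IOS behaviour.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (not from the thread): private and documentation ranges.
EXCHANGE_INSIDE = ip_address("192.168.1.10")   # local Exchange server, inside address
EXCHANGE_PUBLIC = ip_address("203.0.113.10")   # its static NAT (public) address
REMOTE_EXCHANGE = ip_address("192.168.2.10")   # overseas Exchange server behind the peer
INTERNET_CLIENT = ip_address("198.51.100.7")   # employee connecting from home

STATIC_NAT = {EXCHANGE_INSIDE: EXCHANGE_PUBLIC}

# Crypto ACL as it would look before NAT was added: inside LAN to remote LAN.
ACL_PRE_NAT = [("192.168.1.0/24", "192.168.2.0/24")]
# Crypto ACL that also covers the server's post-NAT address.
ACL_POST_NAT = ACL_PRE_NAT + [("203.0.113.10/32", "192.168.2.0/24")]


def egress(src, dst, static_nat, crypto_acl):
    """Translate the source first, then test the translated packet against
    the crypto ACL. Returns (post-NAT source, 'encrypt' or 'clear')."""
    post_nat = static_nat.get(src, src)
    for permit_src, permit_dst in crypto_acl:
        if post_nat in ip_network(permit_src) and dst in ip_network(permit_dst):
            return post_nat, "encrypt"
    return post_nat, "clear"


def peer_accepts(post_nat_src, dst, local_acl):
    """The peer's ACL must mirror ours ('check on both sides'): its source
    network is our destination network and vice versa."""
    mirrored = [(d, s) for s, d in local_acl]
    return any(dst in ip_network(peer_src) and post_nat_src in ip_network(peer_dst)
               for peer_src, peer_dst in mirrored)


if __name__ == "__main__":
    cases = [
        ("no NAT, original ACL", {}, ACL_PRE_NAT, REMOTE_EXCHANGE),
        ("static NAT, original ACL", STATIC_NAT, ACL_PRE_NAT, REMOTE_EXCHANGE),
        ("static NAT, post-NAT ACL", STATIC_NAT, ACL_POST_NAT, REMOTE_EXCHANGE),
        ("static NAT, Internet client", STATIC_NAT, ACL_POST_NAT, INTERNET_CLIENT),
    ]
    for label, nat, acl, dst in cases:
        src, action = egress(EXCHANGE_INSIDE, dst, nat, acl)
        print(f"{label:30} src={src} dst={dst} -> {action}")
```
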



Re: VPN - Exchange Prob

I’d suggest starting with the firewall debugs. After that, check your NT box and see if it’s multi-homed. I’ve learned packet filter firewalls don’t like multi-homed NT boxes as they track the IP addresses, and if the source address changes it can terminate the session. If all those turn out alright I’d try sniffing the wire.

New Member

Re: VPN - Exchange Prob

Here are the Microsoft Q articles you will need to read and interpret to implement them in your environment. This helped me with another type of VPN.

Article ID: Q155831

Article ID: Q148732

Article ID: Q180795

Article ID: Q176466

This will get you going in the right direction.