We have a Cisco 1750 router on which we have configured a VPN with our overseas office. We are able to get VPN connectivity with it. We have an MS-Exchange server installed in our intranet. The Exchange server site connector is configured for our overseas office's Exchange mail server. My Exchange database replication is happening via the VPN.
I want my intranet mail server to be accessible over the internet so that my office employees are able to access their mail from their residences as well (i.e. over the internet). If I configure NAT on my router to get a static IP (i.e. a valid IP) for my Exchange server, I don't get VPN connectivity with my Exchange server and my Exchange database does not get updated with my overseas Exchange server.
What kind of VPN are you using? I'll assume IPSEC.
Using what I understand of your problem (w/o NAT, the VPN works fine; w/NAT, the VPN breaks), the first thing I'd check on both sides is to see that your crypto-maps match the post-NATted address (NAT occurs before encryption on an egress interface).
debug crypto ipsec
debug crypto isakmp
are useful debug commands to see what the router is doing (or not doing, as the case may be).
Also consider the security of that host in general - if you're providing Internet access to a host within your Intranet and that host is compromised, it could be a jumping-off point for further attacks within your network. Any host that is visible to the Internet should at least be in a DMZ of some sort.
Chapman and Zwicky's "Building Internet Firewalls" book is a great reference for this kind of thing...
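The order of operations described in the reply above (NAT first, crypto-map match second), as an added example that is not part of the original thread: a simplified Python model, not router code. All addresses, the ACL contents and the function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample addresses (RFC 1918 / RFC 5737), not taken from the thread.
EXCHANGE, REMOTE_EXCHANGE, PUBLIC = "10.1.1.10", "10.2.2.10", "203.0.113.10"
STATIC_NAT = {EXCHANGE: PUBLIC}                      # static NAT for the mail server
ACL_PRIVATE = [("10.1.1.0/24", "10.2.2.0/24")]       # crypto ACL written before NAT existed
ACL_POSTNAT = ACL_PRIVATE + [(PUBLIC + "/32", "10.2.2.0/24")]
REMOTE_ACL = [("10.2.2.0/24", "10.1.1.0/24")]        # overseas side, still unchanged


def translate(src, static_nat):
    """Step 1 on egress: the source is rewritten before IPsec looks at the packet."""
    return static_nat.get(src, src)


def matches(acl, src, dst):
    """Step 2: compare the (possibly translated) packet against the crypto ACL."""
    return any(ip.ip_address(src) in ip.ip_network(s)
               and ip.ip_address(dst) in ip.ip_network(d) for s, d in acl)


def egress(src, dst, static_nat, crypto_acl):
    """Return (source seen by IPsec, what happens to the packet)."""
    post = translate(src, static_nat)
    verdict = "encrypt" if matches(crypto_acl, post, dst) else "cleartext"
    return post, verdict


def mirrored(local_acl, remote_acl):
    """Modelling assumption: the two peers' crypto ACLs must be mirror images,
    which is why the reply says to check both sides."""
    return {(d, s) for s, d in local_acl} == set(remote_acl)


if __name__ == "__main__":
    cases = [("no NAT, original ACL", {}, ACL_PRIVATE),
             ("static NAT, original ACL", STATIC_NAT, ACL_PRIVATE),
             ("static NAT, ACL lists post-NAT address", STATIC_NAT, ACL_POSTNAT)]
    for label, nat, acl in cases:
        print(f"{label:40} -> {egress(EXCHANGE, REMOTE_EXCHANGE, nat, acl)}")
    print("peers mirrored after local change only:", mirrored(ACL_POSTNAT, REMOTE_ACL))
```

The second case is the symptom from the question: once the static translation exists, the replication traffic no longer matches the crypto ACL and leaves unencrypted instead of entering the tunnel.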
I'd suggest starting with the firewall debugs. After that, check your NT box and see if it's multi-homed. I've learned packet filter firewalls don't like multi-homed NT boxes, as they track the IP addresses, and if the source address changes it can terminate the session. If all those turn out alright, I'd try sniffing the wire.