This issue can occur when the vpn pool range of addresses are not explicitly denied from being translated when leaving the router.
In order to resolve this issue, issue the route-map command for static translation. Translation decisions can be made based on the destination IP address when static translation entries are used.
Servers internal ip address: 10.1.1.3Servers global ip address: 192.168.1.1VPN client-pool: 192.168.36.1 192.168.36.254Nat statement: ip nat inside source static 10.1.1.3 192.168.1.1
Then, this example shows the use of the route-map command with static NAT translations:
ip nat inside source static 10.1.1.3 192.168.1.1 route-map < nonat >
access-list 150 deny ip host 10.1.1.3 192.168.36.0 0.0.0.255
access-list 150 permit ip host 10.1.1.3 any
route-map nonat permit 10 match ip address 150
Connectivity to the device
VPN - hardware & software clients