Cisco Support Community

The VPN client is unable to access the internal host configured for static NAT on the router

Core issue

This issue can occur when the VPN pool address range is not explicitly denied from being translated when traffic leaves the router.

Resolution

To resolve this issue, use the route-map option with the static translation. This allows translation decisions to be made based on the destination IP address when static translation entries are used.


For example, if the router has this configuration:


Server's internal IP address: 10.1.1.3
Server's global IP address: 192.168.1.1
VPN client pool: 192.168.36.1 - 192.168.36.254
NAT statement: ip nat inside source static 10.1.1.3 192.168.1.1


Then, this example shows the use of the route-map command with static NAT translations:


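ip nat inside source static 10.1.1.3 192.168.1.1 route-map nonat
!
! Do not translate traffic from the server to the VPN client pool
access-list 150 deny ip host 10.1.1.3 192.168.36.0 0.0.0.255
! Translate traffic from the server to all other destinations
access-list 150 permit ip host 10.1.1.3 any
!
route-map nonat permit 10
 match ip address 150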


Note: This feature was introduced in Cisco IOS version 12.2(4)T.

Refer to NAT - Ability to Use Route Maps with Static Translations for additional help with how to configure route maps with static translations.

Problem Type

Connectivity to the device

Product Family

Routers

VPN - hardware & software clients
