
can't RDP to branch server

syazowen86
Level 1

Dear all,

Here are the scenarios.

1) I have a branch site with multiple public IPs

2) One of the servers needs to be accessed from another branch as well (VPN tunnel established)

3) It's a Cisco router

!
interface FastEthernet0/0
 description outside
 ip address x.x.x.3 255.255.255.248
 ip nat outside
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map vpn
!
ip nat inside source static 192.168.1.100 x.x.x.4
!
ip route 0.0.0.0 0.0.0.0 x.x.x.1
!

Remarks

- The tunnel from branch to branch is already established

- I can access the server via RDP using public IP x.x.x.4

- But users from another branch couldn't ping or RDP to this server using 192.168.1.100

2 Replies

Your problem comes from the fact that both native and VPN traffic flow over the same NAT-enabled interface, so your NAT statement also matches the VPN traffic. There are two ways to solve that problem:

1) Migrate to VTIs. With these you have an IPsec interface where you don't need to enable NAT. For that, the other end also has to be an IOS router.
2) Extend your NAT statement with a route-map. In that route-map you specify an ACL that has deny statements for the VPN traffic, and the traffic won't be NATted any more when flowing through the VPN.


Sent from Cisco Technical Support iPad App

Hi Karsten,

Thanks for your reply.

You mean this?

I already configured this in the router.

ip nat pool test x.x.x.3 x.x.x.4 netmask 255.255.255.248
ip nat inside source route-map nonat pool test overload
!
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
!
route-map nonat permit 30
 match ip address 120
!
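
Added example, not part of the thread: in the configs posted above, the route-map `nonat` is bound only to the dynamic pool rule, while the static entry for 192.168.1.100 from the first post has none. The sketch below applies option 2 from the first reply to that static entry, assuming 192.168.100.0/24 and 192.168.200.0/24 (taken from ACL 120) are the remote branch LANs and that the IOS release accepts `route-map` on a static NAT entry.

```cisco
! Added example (not from the thread). Addresses are the ones on the page;
! x.x.x.4 is the poster's masked public IP.
!
! Before: the static entry has no route-map, so 192.168.1.100 is always
! rewritten to x.x.x.4, including replies headed into the VPN tunnel.
!   ip nat inside source static 192.168.1.100 x.x.x.4
!
! After: replace the static entry with one bound to the existing route-map.
no ip nat inside source static 192.168.1.100 x.x.x.4
ip nat inside source static 192.168.1.100 x.x.x.4 route-map nonat
!
! Unchanged from the post: deny = exempt branch-to-branch traffic from NAT,
! permit = translate everything else (Internet-bound traffic, public RDP).
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
!
route-map nonat permit 30
 match ip address 120
!
! Checks from privileged exec mode after the change:
!   clear ip nat translation *
!   show ip nat translations
!     (no x.x.x.4 entry should appear for flows to 192.168.100.x/200.x)
!   show crypto ipsec sa
!     (encaps/decaps counters should rise while a remote user pings
!      192.168.1.100)
```

The crypto ACL behind `crypto map vpn` is not shown on the page; the checks assume it selects the untranslated 192.168.1.x source addresses.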
