The central location (ASA 5520) is connected to a branch office running a 2811 router via IPSec VPN. The router has a single IP address available, so PAT is in place on the outside interface. I have configured the VPN tunnel with the main office and it is functional. In the branch office network I have a server running services on ports 80, 443 and 1352. These server ports are being translated to the outside router IP address. These services are accessible from the outside, but when I try to access these ports on the server through the VPN tunnel, I get no response.
I know this is because I have static translation to the outside interface for these ports. What I need to be able to do is to access the server both from public and from the corporate network on these ports. How can I configure the router in order to achieve this? I have tried applying the ip policy route-map command on the inside interface and tried to redirect server traffic to a loopback interface, but no success.
You are correct indeed. In the NAT order of operation, static translation is the one considered first, before dynamic translation. The no nat configuration mentioned by your route-map VPNTunnel is bypassed by the static translations for ports 80, 443 and 1352. The problem is that you cannot do policy NAT (adding a route-map statement) if you are doing port redirection: