HI All,

Can i please get help in regards to following issue

I have 1xWeb Server in my inside network with an IP address of 10.90.30.166.

Initially i had setup NAT translation as

#ip nat inside source static 10.90.30.166 rrr.rrr.rrr.rrr

#ip nat inside source list 112 pool NATCUSTMER overload

#ip nat inside source list 112 pool NATCUSTMER overload

With the above configuration ebery thing worked perfactly until i established a VPN from our router to Wtach Gaurd. access list for VPN was as

#permit ip host 10.90.30.166 host xxx.xxx.xxx.xxx

With this and related VPN configuration, VPN was established successfully but traffic was not flowing across the VPN.

as soon as i break the NAT VPN would work but internet access and access to this server from Internet would not work.

To get around i assigned the server a second IP address 10.90.30.2 and recreated the NAT as followed

#ip nat inside source static tcp 10.90.30.2 80 rrr.rrr.rrr.rrr 80 extendable

#ip nat inside source static tcp 10.90.30.2 443 rrr.rrr.rrr.rrr 443 extendable

NOW 10.90.30.166 is Primary IP of the server and is successfully talking across the VPN and 10.90.30.2 is successfully accepting the connection on these ports.

Problem is this server can not connect to the internet now.

i have just put an access list to allow the internet but it did not fix teh issue.

#access-list 111 permit ip host 10.90.30.2 any

Can some one assist in as to what i am missing, or what should i do for this server to get internet access with out breaking the VPN and existing NAT.

i thought to put some static route on the actual server but i am sure i might be missing soem thign in the access list.

Thanks inadvance for urgent assistance :P,

Rgds