Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PAT blocking IPsec

Hi,

I have problem with Portforwarding and IPsec tunnel:

When I set PAT:

ip nat inside source static tcp 192.168.10.207 101 WAN_IP 101 extendable

then this port is unavailable for remote PCs in other site via IPsec 192.168.7.0.

I have also set NAT on interface

ip nat inside source list NAT interface GigabitEthernet0/0 overload

ip access-list extended NAT
 deny   ip 192.168.10.0 0.0.0.255 192.168.7.0 0.0.0.255

 permit 192.168.10.0 0.0.0.255 any

this mean nonat to remote site :192.168.7.0 and natting to other

Everithings going well, but portforwarded ports dont.

Thanks for answers.

1 REPLY
New Member

hi, you have to use route-map

hi,

 

you have to use route-map for this problem

 

create the NAT access-list and apply with route-map and then creat nat traffic  with the route map

ex:

ip nat inside source static tcp 192.168.0.7 6004 y.y.y.y 6004 route-map nonat extendable

route-map nonat permit 10
 match ip address 101

the 101 will be your NAt access-list which you will have deny statement for VPN Networks and all other networks will be permitted.

if you configure like this your Natted IP also will work in the VPN.

if it is helpful please rate it.

cyril

 

 

30
Views
0
Helpful
1
Replies
CreatePlease to create content