Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
0
Helpful
3
Replies

Static NAT causes unable to access server via internal IP

NAGISWAREN2
Level 1
Level 1

‎11-23-2011 06:02 PM

Hi all,

Need some help. I running site-to-site IPsec VPN in Cisco 2811 IOS 12.4 both site. Here I encounter a problem to access server on  Site A from Site B

Site A having Leased Line connected to router with Public IP. I have done static mapping 1 web server to Public IP (NAT). This to allow external users to access the server via Public IP. At the same time, users at Site B would need to access to same server via Internal IP since they have Site-to-Site VPN established. But once I done Static Mapping (NAT), user at Site B unable to access the server at Site A using its internal IP. But external user can access server via Public IP. What went wrong here. Do i need to add extra command to get this done? We really need this.

Regards, Nagis
Labels:
0 Helpful
3 Replies 3

mvsheik123
Level 7
Level 7

‎11-23-2011 06:18 PM

I don't this it causes any issue. Are you trying to accesss the server from SiteB via IP or DNS name? If DNS, can you try by IP? Share the configs.

Thx

MS

0 Helpful

NAGISWAREN2
Level 1
Level 1
In response to mvsheik123

‎11-23-2011 06:25 PM

Hi sheik,

I'm accessing the server form Site B using its server's LAN IP.

If I remove the static NAT statement from my router at Site A, everything works well. I can access the server from site B using its LAN IP via Site-to-Site VPN. But in this case, external users unable to access server via Public IP since no Static NAT statement.

Regards, Nagis
0 Helpful

NAGISWAREN2
Level 1
Level 1
In response to NAGISWAREN2

‎11-24-2011 04:19 AM

Hi All,

I manage to get this work. I use route-map behind my Static NAT statement. This allow the server to be natted to the Public IP when communicating to any external IP except to Site B IP address.

Regards, Nagis
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents