The remote site network is a public IP range not Public, and has rules that restrict the VPN to RDP and web ports from our Private network.
There is an ACL to tell the router not to NAT the private (Our Network) to public (remote site) traffic. I haven't configured a route map as I actually want the static NAT to take precedence.
The VPN works fine except for mail. The remote site has a mail server that cannot send mail to the SBS Server. What I see happening is the remote site tries to send mail to our external address using our MX record; this traffic arrives unencrypted and I see the translation in the show ip nat translations. But the connection times out. When I try to send mail from the SBS server to the remote site, there is no translation in the table and again the connection times out. I am assuming that in my case the static translation is not taking precedence.
This is confusing me, as if static NAT worked as described in the above article without the use of a route map I wouldn't have an issue.
Has anybody else seen this behaviour?
I read somewhere that NAT access-lists don't work with port numbers. I was thinking of putting in deny statements based only on the ports allowed over the VPN in the NAT ACL.
"From my understanding you would like to use Dialer0 ip address for mail traffic from your remote site which is connected via site-to-site vpn tunnel."
Yes, I do want to use the Dialer0 IP address for mail traffic to the remote site, but I don't want it to go over the VPN as this is restricted at the remote site to RDP and WWW originating on our Private network.
"On your crypto ACL, do you have crypto ACL between your Dialer0 and the remote LAN, and mirror image on your remote site?"
The crypto ACL is just between our Private Network and the remote LAN. The remote site is the same. Which is why when mail is sent to us to our MX address, the Dialer0 IP address, it is not encrypted.