
Access Devices from other side of VPN Tunnel and outside

krishan.saran
Level 1

Hi Guys

We have two Cisco 851 routers at two locations, and there is a VPN tunnel between both locations. Suppose Location A and Location B. I have some PAT rules in the Location A router to access some devices from outside using port numbers, e.g. 10.10.11.206 port no. 35300. I can access this device from anywhere, but from Location B I can ping it but can't access the device. If I remove the PAT rules from router A then I can access it using the LAN IP, but if the PAT rules are there then only by the WAN IP, not the LAN IP. I can't understand why. Is there any solution so that I can access my devices from Location B using the LAN IP and from the outside world using the WAN IP? I am attaching the running config of Router A.

1 Accepted Solution


Nagaraja Thanthry
Cisco Employee

Hello,

I think you need to configure static statements with route-maps. Please try the following:

access-list 199 deny tcp host 10.10.11.206 eq 35300 10.10.10.0 0.0.0.255

access-list 199 permit tcp host 10.10.11.206 eq 35300 any

access-list 198 deny tcp host 10.10.11.250 eq 2300 10.10.10.0 0.0.0.255

access-list 198 permit tcp host 10.10.11.250 eq 2300 any

access-list 197 deny tcp host 10.10.11.1 eq 23 10.10.10.0 0.0.0.255

access-list 197 permit tcp host 10.10.11.1 eq 23 any

access-list 196 deny tcp host 10.10.11.1 eq 8080 10.10.10.0 0.0.0.255

access-list 196 permit tcp host 10.10.11.1 eq 8080 any

Route-map Remote_1

match ip address 199

exit

Route-map Remote_2

match ip address 198

exit

Route-map Remote_3

match ip address 197

exit

Route-map Remote_4

match ip address 196

exit

no ip nat inside source static tcp 10.10.11.206 35300 interface FastEthernet4 35300

no ip nat inside source static tcp 10.10.11.250 2300 interface FastEthernet4 2300

no ip nat inside source static tcp 10.10.11.1 23 interface FastEthernet4 23

no ip nat inside source static tcp 10.10.11.1 8080 interface FastEthernet4 8080

ip nat inside source static tcp 10.10.11.206 35300 35300 route-map Remote_1

ip nat inside source static tcp 10.10.11.250 2300 2300 route-map Remote_2

ip nat inside source static tcp 10.10.11.1 23 23 route-map Remote_3

ip nat inside source static tcp 10.10.11.1 8080 8080 route-map Remote_4

Hope this helps.

Regards,

NT
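
Added example (not part of the original reply, and not Cisco's code): a small Python model of how access-list 199 from the answer decides which packets from 10.10.11.206 port 35300 the route-map selects for the static translation. It assumes 10.10.10.0/24 is Location B's LAN; the sample destination addresses, ports and function names are constructed for illustration.

```python
import ipaddress

# access-list 199 exactly as posted in the answer above.
ACL_199 = """\
access-list 199 deny tcp host 10.10.11.206 eq 35300 10.10.10.0 0.0.0.255
access-list 199 permit tcp host 10.10.11.206 eq 35300 any
"""

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # An IOS wildcard is a host mask, which ipaddress accepts (contiguous masks only).
    return ipaddress.ip_network(tok[0] + "/" + tok[1]), tok[2:]

def _port(tok):
    """Consume an optional 'eq PORT'; return (port or None, remaining tokens)."""
    return (int(tok[1]), tok[2:]) if tok[:1] == ["eq"] else (None, tok)

def parse_acl(text):
    """Parse 'access-list N permit|deny tcp SRC [eq P] DST [eq P]' lines, in order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, rest = _addr(tok[4:])
        sport, rest = _port(rest)
        dst, rest = _addr(rest)
        dport, _ = _port(rest)
        entries.append((tok[2], tok[3], src, sport, dst, dport))
    return entries

def nat_applies(entries, src, sport, dst, dport, proto="tcp"):
    """First matching entry wins; no match is the implicit deny (no translation)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, sp, dnet, dp in entries:
        if (p == proto and s in snet and d in dnet
                and sp in (None, sport) and dp in (None, dport)):
            return action == "permit"
    return False

if __name__ == "__main__":
    acl = parse_acl(ACL_199)
    # Constructed reply packets from the device; 203.0.113.10 is a documentation address.
    for dst in ("10.10.10.25", "203.0.113.10"):
        hit = nat_applies(acl, "10.10.11.206", 35300, dst, 51000)
        print(dst, "translated" if hit else "untranslated")
```

Entry order matters: with the two lines swapped, the `permit ... any` entry matches first and traffic toward 10.10.10.0/24 is selected for translation again.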

Thanks Nagaraja

It works

Thanks a lot
