I'm using a Cisco 2811 as the gateway router in our office. It's not a big deal, just a few services, but now I'm experiencing the following problem.
I've got a dedicated range of IPv4 addresses which are provided by the local ISP. I'm using one of these addresses to create static translations from outside to inside (I have a mail, web and DNS server that must be reached from all over the world). Moreover, I've installed Cisco EasyVPN to terminate our mobile users who travel with their notebooks, phones, etc. I'm mentioning EasyVPN because it's the primary reason to use Cisco's 'ip nat enable' feature instead of 'ip nat inside/outside' applied on the interface (because I want all the network traffic generated from mobile users to be translated by our router). Since there is no other way to make the `inside` interface `outside` (because all the traffic is coming/going through the WAN interface where the crypto map is applied), I have to use the NVI interface for that purpose. Also, I have to use PPTP for devices that don't support Cisco's VPN service, and this is the main problem! Everything works fine, except one thing - static translation!
Let me show you my current configuration:
! WAN link
interface FastEthernet0/0.301
 encapsulation dot1Q 301
 ip address X.X.X.X 255.255.255.X
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat enable
 no cdp enable
 crypto map IPSec
!
! LAN link
interface FastEthernet0/1.302
 encapsulation dot1Q 302
 ip address 192.168.20.1 255.255.255.0
 ip nbar protocol-discovery
 ip nat enable
!
! PPTP interface
interface Virtual-Template1
 ip address 192.168.25.1 255.255.255.254
 ip mtu 1460
 ip tcp adjust-mss 1400
 ip nat enable
 ip ospf network point-to-point
 ip ospf 100 area 0
 keepalive 3600 168
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
!
ip nat source list office interface FastEthernet0/0.301 overload
ip nat source static tcp 192.168.20.5 8888 interface FastEthernet0/0.301 8888

Router#show ip nat nvi translations
Pro  Source global     Source local        Destin local   Destin global
tcp  X.X.X.X:8888      192.168.20.5:8888   ---            ---
Now, when I log into the VPN using PPTP, I'm receiving the IP address 192.168.25.34. With this address, I'm trying to open the following URL:
So my question is, how do I handle this? In PIX/ASA there is a nonat rule (zero rule) which can perfectly be used here, but unfortunately this is not a firewall. So I hope that you've understood my issue and I really hope that someone can give me a clue!