11-23-2013 10:06 AM - edited 03-04-2019 09:39 PM
Hi all,
My internet provider is giving me two IP classes (/29) that are routed to my external IP (applied to Gi0/0).
I configured split tunneling on my router as described here:
I adapted it to my settings. I have both static NAT and PAT enabled. Split tunneling works fine; my clients connect and can reach almost all of the internal network. The problem is that clients cannot reach servers that have static NAT in my config. I'm posting the relevant information below:
...
interface GigabitEthernet0/0
 description WAN
 ip address 89.xxx.yyy.zzz 255.255.255.0
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 crypto map clientmap
...
interface Loopback0
 ip address 85.186.xxx.ddd 255.255.255.248
...
interface Loopback1
 ip address 85.186.xxx.eee 255.255.255.248
...
interface GigabitEthernet0/1.10
 description LAN-DATA
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 no cdp enable
...
ip local pool VPN_POOL_1 192.168.180.1 192.168.180.14
...
ip nat inside source list 111 interface GigabitEthernet0/0 overload
ip nat inside source static 10.10.10.16 85.186.xx.aaa extendable
ip nat inside source static 10.10.10.16 85.186.xx.bbb extendable
ip nat inside source static 10.10.10.2 85.186.xx.ccc extendable
ip nat inside source static 10.10.10.9 85.186.xx.ddd extendable
...
access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.180.0 0.0.0.15
access-list 111 deny ip 10.10.10.0 0.0.0.255 192.168.180.0 0.0.0.15
access-list 111 permit ip 10.10.0.0 0.0.255.255 any
...
Can you please help me with a workaround to be able to reach 10.10.10.16, 10.10.10.2 and 10.10.10.9 from my VPN client IPs in 192.168.180.0/28?
I can reach all other internal IPs like 10.10.10.5....
Thanks all for your help!
12-01-2013 03:35 AM
Anybody?
12-15-2013 06:05 AM
I'll answer it myself...
route-map noNAT permit 10
 match ip address 111
Change the static NAT entries to:
ip nat inside source static 10.10.10.16 85.186.xx.aaa route-map noNAT extendable
....
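An added illustration, not part of the original posts: a simplified Python model of why the plain static entries break replies to VPN clients and why tying them to the route-map fixes it, assuming the usual IOS order of operations in which inside-to-outside NAT runs before the crypto map check. ACL 111 is copied from the thread; the 203.0.113.x public addresses and all function names are constructed placeholders.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# ACL 111 from the thread: (action, src, src_wildcard, dst, dst_wildcard).
# "any" is written as 0.0.0.0 255.255.255.255.
ACL_111 = [
    ("deny",   "10.10.10.0", "0.0.0.255",   "192.168.180.0", "0.0.0.15"),
    ("permit", "10.10.0.0",  "0.0.255.255", "0.0.0.0",       "255.255.255.255"),
]

def acl_permits(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, swc, d, dwc in acl:
        if wc_match(src, s, swc) and wc_match(dst, d, dwc):
            return action == "permit"
    return False

# Constructed placeholders standing in for the masked 85.186.xx.* addresses.
STATIC = {"10.10.10.16": "203.0.113.16",
          "10.10.10.2": "203.0.113.2",
          "10.10.10.9": "203.0.113.9"}
PAT_ADDR = "203.0.113.1"  # placeholder for the Gi0/0 address used by overload

def reply_source(src, dst, static_uses_route_map):
    """Source address of an inside->outside packet after NAT.

    A reply to a VPN client only matches the tunnel if this is still
    the private address the client originally connected to.
    """
    if src in STATIC and (not static_uses_route_map
                          or acl_permits(ACL_111, src, dst)):
        return STATIC[src]          # static translation applies
    if acl_permits(ACL_111, src, dst):
        return PAT_ADDR             # dynamic PAT via "list 111 ... overload"
    return src                      # left untranslated

if __name__ == "__main__":
    vpn_client = "192.168.180.5"    # constructed address inside VPN_POOL_1
    for host in ("10.10.10.16", "10.10.10.5"):
        for rm in (False, True):
            print(host, "route-map" if rm else "plain", "->",
                  reply_source(host, vpn_client, rm))
```

On the router itself, `show ip nat translations` taken while a VPN client connects to 10.10.10.16 shows whether the static entry is still being applied to that flow.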