Cisco Support Community

VPN and port forwarding

Hi All,

I am no Cisco guru and am just learning, so hopefully this is an easy one for someone here.

I have managed to set up a VPN between 3 sites; they are all linked together and each site can talk to the other 2.

They are all linked across the internet in a VPN. The VPN is an IPSec site-to-site VPN.

I also have some port forwarding going on for things like SMTP email and web mail, etc.

What I have noticed is that the VPN works well and passes all the ports except for the ones listed under port forwarding.

For example, if I am at one of the sites where the email server isn't, then I cannot get to the webmail.

E.g., let's say site one has the email server and has ports 25 and 443 forwarding to the email server.

Site two, will not be able to get to the webmail.

Site three will not be able to get to the webmail.

It basically just can't find it.

From anywhere else on the internet, you can access the webmail ok.

So it seems that all ports get forwarded between sites, but if I try to use something that has a specific port forwarding, then that doesn't seem to go through the VPN correctly and doesn't complete.

Any idea what might cause this type of issue?

Any help is appreciated.


Re: VPN and port forwarding

Hello, Phillip.

The issue could be due to NAT configuration vs IPSec.

Please share your NAT and IPSec config.

If the issue is due to the order of operations between IPSec (crypto map) and NAT, then the easiest way is to migrate from crypto map to VTI or to adjust NAT with a route-map.
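
The route-map adjustment suggested in the reply above, sketched as an added example that is not part of the original thread or either poster's configuration. All addresses, the ACL name `VPN-TRAFFIC` and the route-map name `NONAT-VPN` are constructed placeholders: site one LAN 192.168.1.0/24 with the mail server at 192.168.1.10, sites two and three on 192.168.2.0/24 and 192.168.3.0/24, and a fixed public address 203.0.113.10.

```cisco
! Before: plain static port forwards. Replies from the mail server to a
! remote VPN site also match these entries, so the source is translated
! to the public address before the crypto map is checked. The packet no
! longer matches the crypto ACL and never enters the tunnel.
!
! ip nat inside source static tcp 192.168.1.10 25 203.0.113.10 25
! ip nat inside source static tcp 192.168.1.10 443 203.0.113.10 443

! Traffic between site one and the two remote sites (constructed subnets).
! This should mirror what the crypto ACLs protect.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
! Deny = do not translate site-to-site traffic; translate everything else.
route-map NONAT-VPN deny 10
 match ip address VPN-TRAFFIC
route-map NONAT-VPN permit 20
!
! After: the same port forwards, now conditional on the route-map, so
! Internet clients still reach the server through 203.0.113.10 while
! VPN sites reach it on 192.168.1.10 through the tunnel.
ip nat inside source static tcp 192.168.1.10 25 203.0.113.10 25 route-map NONAT-VPN extendable
ip nat inside source static tcp 192.168.1.10 443 203.0.113.10 443 route-map NONAT-VPN extendable
```

After a change like this, `show ip nat translations` and the encaps/decaps counters in `show crypto ipsec sa` show whether replies from the server to the remote sites are leaving untranslated and inside the tunnel.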
