Solved

Unable to access Citrix ICA over CISCO 857 site-to-site VPN

Posted on 2008-10-08
Last Modified: 2012-06-22
Folks,
I have an existing IPSec VPN tunnel working well; file, print and most everything else seems to be working well.
It has been years since the remote office needed access to the Citrix server but now they do, it used to work fine with the SonicWall VPN but this Cisco stuff is a mystery to me still.

Locally and via the WI I can telnet to 1494 and 1604 without a problem.

For the life of me I cannot get to the ICA server from the remote office. In the ICA client I can get the host name resolved to the IP and all that stuff but when I try to get a connection established the client errors saying that there is no ICA server located on that subnet.

Here are the Cisco configs.

HEAD OFFICE


Building configuration...

Current configuration : 11684 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TB_BB_Advantage
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
no ip source-route
ip dhcp excluded-address 10.10.10.246 10.10.10.254
!
!
ip cef
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
no ip bootp server
ip domain name direct.telstra.net
ip name-server 203.50.2.71
ip name-server 139.130.4.4
ip ssh version 2
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
!
!
crypto pki trustpoint TP-self-signed-179205607
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-179205607
 revocation-check none
 rsakeypair TP-self-signed-179205607
!
!
crypto pki certificate chain TP-self-signed-179205607
 certificate self-signed 01
  quit
!
!
username aXXXXXXX privilege 15 secret 5 $1$
username cXXXXXXX privilege 15 secret 5 $1$
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxx address 2.4.5.2
crypto isakmp key xxxxxxxx address 192.168.43.0 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 203.45.5.223
 set peer 203.45.5.223
 set transform-set ESP-3DES-SHA3
 match address 104
!
!
!
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 load-interval 30
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description CUSTOMER_LOCAL_LAN$FW_INSIDE$
 ip address 192.168.42.1 255.255.255.0
 ip access-group 105 in
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
!
interface Dialer0
 description ADSL Link FNN xxxxxxx$FW_OUTSIDE$
 ip address 2.4.1.2 255.255.255.0
 ip access-group 106 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect SDM_MEDIUM out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname emailaddress@direct.telstra.net
 ppp chap password <password>
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http access-class 22
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.42.5 80 interface Dialer0 80
ip nat inside source static tcp 192.168.42.5 5800 interface Dialer0 5800
ip nat inside source static tcp 192.168.42.5 5900 interface Dialer0 5900
ip nat inside source static tcp 192.168.42.10 1494 interface Dialer0 1494
ip nat inside source static tcp 192.168.42.10 1604 interface Dialer0 1604
ip nat inside source static tcp 192.168.42.5 25 interface Dialer0 25
ip nat inside source static tcp 192.168.42.5 110 interface Dialer0 110
ip nat inside source static tcp 192.168.42.5 1723 interface Dialer0 1723
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 22 remark SDM_ACL Category=17
access-list 22 permit 192.168.42.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit gre host 192.168.42.1 host 192.168.43.0 log
access-list 101 remark SDM_ACL Category=4
access-list 101 permit gre host 192.168.42.1 host 203.45.5.223
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.42.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny   ip 192.168.42.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 103 permit ip 192.0.0.0 0.255.255.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.42.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit ip any any log
access-list 105 permit icmp any any
access-list 105 permit ip 203.45.10.0 0.0.0.255 any log
access-list 105 deny   ip host 255.255.255.255 any log
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit tcp any host 203.45.10.245 eq pop3
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 106 remark PING
access-list 106 permit icmp host 203.45.5.223 host 203.45.10.245 log
access-list 106 permit udp host 203.45.5.223 host 203.45.10.245 eq non500-isakmp
access-list 106 permit udp host 203.45.5.223 host 203.45.10.245 eq isakmp
access-list 106 permit esp host 203.45.5.223 host 203.45.10.245
access-list 106 permit ahp host 203.45.5.223 host 203.45.10.245
access-list 106 permit tcp any host 203.45.10.245 eq 1604
access-list 106 permit tcp any host 203.45.10.245 eq 1494
access-list 106 permit tcp any host 203.45.10.245 eq 5900
access-list 106 permit tcp any host 203.45.10.245 eq 1723
access-list 106 permit tcp any host 203.45.10.245 eq 5800
access-list 106 permit tcp any host 203.45.10.245 eq www
access-list 106 permit tcp any host 203.45.10.245 eq smtp
access-list 106 permit udp host 139.130.4.4 eq domain host 203.45.10.245
access-list 106 permit udp host 203.50.2.71 eq domain host 203.45.10.245
access-list 106 permit icmp any host 203.45.10.245 echo-reply log
access-list 106 permit icmp any host 203.45.10.245 time-exceeded log
access-list 106 permit icmp any host 203.45.10.245 unreachable log
access-list 106 permit tcp 192.168.42.0 0.0.0.255 host 203.45.10.245 eq 443
access-list 106 permit tcp 192.168.42.0 0.0.0.255 host 203.45.10.245 eq 22
access-list 106 permit tcp 192.168.42.0 0.0.0.255 host 203.45.10.245 eq cmd
access-list 106 deny   ip 10.0.0.0 0.255.255.255 any
access-list 106 deny   ip 172.16.0.0 0.15.255.255 any
access-list 106 deny   ip 127.0.0.0 0.255.255.255 any
access-list 106 deny   ip host 255.255.255.255 any
access-list 106 deny   ip host 0.0.0.0 any
access-list 106 permit gre any any
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
banner login ^C

***********************************************************************
* Access to this computer system is limited to authorised users only. *
* Unauthorised users may be subject to prosecution under the Crimes   *
*                       Act or State legislation                      *
*                                                                     *
* Please note, ALL CUSTOMER DETAILS are confidential and must         *
*                         not be disclosed.                           *
***********************************************************************
^C
!
line con 0
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 2
 access-class 22 in
 exec-timeout 20 0
 transport input telnet
line vty 3 4
 exec-timeout 20 0
 transport input ssh
!
scheduler max-task-time 5000
end



Remote Site

Building configuration...

Current configuration : 7189 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TB_BB_BNE
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name direct.telstra.net
ip name-server 203.50.2.71
ip name-server 139.130.4.4
ip ssh version 2
!
!
crypto pki trustpoint TP-self-signed-2436891143
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2436891143
 revocation-check none
 rsakeypair TP-self-signed-2436891143
!
!
crypto pki certificate chain TP-self-signed-2436891143
 certificate self-signed 01
  quit
!
!
vtp mode transparent
username axxxxxxxx privilege 15 secret 5 $1$
username emailaddress@direct.telstra.net privilege 15 secret 5 $1$o7/N$ps53yVv0ZE2
G0o4vVekQ//
username cxxxxxxxx privilege 15 secret 5 $1$
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 3bmshtr address 203.45.10.245
!
!
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to203.45.10.245
 set peer 203.45.10.245
 set transform-set ESP-3DES-SHA3
 match address 104
!
!
!
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 load-interval 30
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description CUSTOMER_LOCAL_LAN
 ip address 192.168.43.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
!
interface Dialer0
 description ADSL Link FNN xxxxxxx
 ip address 203.45.5.223 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname emailaddress@direct.telstra.net
 ppp chap password <password>
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.42.0 255.255.255.0 203.45.10.245
!
no ip http server
ip http access-class 22
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip access-list extended SDM_1
 remark SDM_ACL Category=4
 remark IPSec Rule
 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
!
access-list 22 permit 124.246.27.173
access-list 22 remark SDM_ACL Category=17
access-list 22 permit 192.168.43.0 0.0.0.255
access-list 100 permit gre host 192.168.43.1 host 192.168.42.0
access-list 100 remark SDM_ACL Category=4
access-list 101 remark SDM_ACL Category=4
access-list 101 permit gre host 192.168.43.1 host 203.45.10.245
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark route-map
access-list 103 deny   ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 103 permit ip 192.168.43.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 105 permit ip any any
access-list 105 permit icmp any any
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 106 permit ahp host 203.45.10.245 host 203.45.5.223
access-list 106 permit esp host 203.45.10.245 host 203.45.5.223
access-list 106 permit udp host 203.45.10.245 host 203.45.5.223 eq isakmp
access-list 106 permit udp host 203.45.10.245 host 203.45.5.223 eq non500-isakmp
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
banner login ^C

***********************************************************************
* Access to this computer system is limited to authorised users only. *
* Unauthorised users may be subject to prosecution under the Crimes   *
*                       Act or State legislation                      *
*                                                                     *
* Please note, ALL CUSTOMER DETAILS are confidential and must         *
*                         not be disclosed.                           *
***********************************************************************
^C
!
line con 0
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 2
 access-class 22 in
 exec-timeout 20 0
 transport input telnet
line vty 3 4
 exec-timeout 20 0
 transport input ssh
!
scheduler max-task-time 5000
end

TB_BB_BNE#

Hopefully someone can see what I am missing in this puzzle
Question by:jade_ryan
11 Comments
 
LVL 10

Expert Comment

by:kyleb84
ID: 22675530
First of all:

log in to both routers and do this:

no username a****

You know which one I'm talking about, people can take advantage of that if they see it because of the default password it has....

That and you've got your WAN IPs posted there too.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22675544
And your passwords here:

 ppp chap password 7 07XXXXXXXXXXX

Can be reversed.

Time to get a MOD to at least mask these mistakes.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22675556
And call Telstra to change your ppp passwords A.S.A.P. @ 1800 066 594

0
 

Author Comment

by:jade_ryan
ID: 22675760
Thanks kyleb84, I thought I had edited that stuff out, I guess I broke my own rule of checking everything twice before hitting the submit button.

A tired mind is never a good judge.

How do I contact a moderator?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22675767
I've already flagged it for attention jade, they get to it eventually.
0
 

Author Comment

by:jade_ryan
ID: 22675770
Thanks so much, I'm kicking myself that I missed those details.

What a week it's been.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 23203672
NAT is the issue.  A route-map attached to the static NAT should take care of this issue.

conf t
ip access-list ext static-no-nat
deny ip any 192.168.43.0 0.0.0.255
permit ip any any

route-map static-no-nat permit 10
 match ip address static-no-nat

no ip nat inside source static tcp 192.168.42.10 1494 interface Dialer0 1494
no ip nat inside source static tcp 192.168.42.10 1604 interface Dialer0 1604
ip nat inside source static tcp 192.168.42.10 1494 interface Dialer0 1494 route-map static-no-nat
ip nat inside source static tcp 192.168.42.10 1604 interface Dialer0 1604 route-map static-no-nat
0
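
Why the route-map on the static NAT fixes this, as an added example that is not part of the answer above: a simplified Python model of the head-office router's outbound path (NAT first, then the crypto map check), using the ACLs and static entries from the posted config. The function names are hypothetical, and the outside address 203.45.10.245 is an assumption taken from the peer statement in the remote-site config.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.42.0/24")        # head office LAN (posted config)
REMOTE = ip_network("192.168.43.0/24")     # remote office LAN (posted config)
OUTSIDE_IP = ip_address("203.45.10.245")   # assumed Dialer0 address (remote peer statement)

# Static port forwards for the Citrix server, from the posted config.
STATIC_NAT = {
    (ip_address("192.168.42.10"), 1494),
    (ip_address("192.168.42.10"), 1604),
}


def acl_103_permits(src, dst):
    """ACL 103 (dynamic NAT route-map): deny LAN->remote, permit 192.x -> any."""
    if src in LAN and dst in REMOTE:
        return False
    return src in ip_network("192.0.0.0/8")


def static_no_nat_permits(src, dst):
    """ACL static-no-nat from the answer: deny anything destined to the remote LAN."""
    return dst not in REMOTE


def crypto_acl_104_matches(src, dst):
    """Crypto map ACL 104: only LAN->remote traffic is selected for the tunnel."""
    return src in LAN and dst in REMOTE


def forward(src, sport, dst, static_route_map):
    """Return (post-NAT source, 'tunnel' or 'clear') for one outbound packet."""
    src, dst = ip_address(src), ip_address(dst)
    if (src, sport) in STATIC_NAT and (
        not static_route_map or static_no_nat_permits(src, dst)
    ):
        # A plain static entry translates regardless of destination.
        translated = True
    else:
        # Otherwise fall through to the PAT rule guarded by ACL 103.
        translated = acl_103_permits(src, dst)
    out_src = OUTSIDE_IP if translated else src
    # The crypto ACL is evaluated on the packet as it looks after NAT.
    path = "tunnel" if crypto_acl_104_matches(out_src, dst) else "clear"
    return str(out_src), path


if __name__ == "__main__":
    cases = [
        ("ICA reply, plain static NAT", "192.168.42.10", 1494, "192.168.43.20", False),
        ("ICA reply, static + route-map", "192.168.42.10", 1494, "192.168.43.20", True),
        ("File server reply", "192.168.42.5", 445, "192.168.43.20", False),
        ("ICA reply to Internet client", "192.168.42.10", 1494, "198.51.100.7", True),
    ]
    for label, src, sport, dst, rm in cases:
        print(f"{label:32} -> {forward(src, sport, dst, rm)}")
```

The first case is the symptom in the question: the Citrix server's reply is rewritten to the outside address, stops matching ACL 104 and never enters the tunnel, while file and print replies from hosts without a matching static entry do.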
 

Author Closing Comment

by:jade_ryan
ID: 31504509
Thank you so much, sorry I took so long to respond to this question but I have been in hospital for some time.
0
