Sanity check: setting up inbound NAT and excluding it from VPN traffic
Posted on 2008-10-20
We have a customer with an 1841 in their head office with 800 series boxes in site offices. All advanced IP based IOS.
When setting up the 1841 we get internet access fine, and get all the VPNs working a treat... no problems thus far. However, when we configured inbound NAT/PAT translations we ended up not being able to pass the equivalent ports/traffic across the VPN. For example, SMTP email is fed to the main office to an Exchange 2k3 box which then routes emails for the branch offices by SMTP over VPNs to sub-Exchange boxes... but the traffic gets blocked in that we cannot connect to the SMTP server in the main site from the remote offices - but the main site can connect to the remote SMTP servers in the site offices with no problems.
On checking the WWW for this issue, it became clear we had an issue with correct routing of packets due to combined overloading and NAT/PAT'ing of the same WAN interface... so we've changed our config to the following one. This cannot be tested in-house as the box is to be sent to our client to try out, but we just wanted to sanity check it for anything obvious.
Thanks in advance.