[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco Router NAT setup

Posted on 2009-02-11
1
Medium Priority
?
669 Views
Last Modified: 2012-05-06
HI guys,
I have a network that is connected via site to site VPN's using BDSL internet connections and Cisco 1812 Routers.

I have set up static NAT entries on each router so users can access their terminal servers from home, however with this entry in place, users on other subnets cannot connect to the terminal server on other subnnets.

IE  one subnet  10.93.100.0 is connected via VPN to subnet 10.93.101.0
On the router for the 10.93.101.0 subnet, i have a static NAT entry, linking the terminal server (10.93.101.105) to the outside interface.  
Users outside our network can connect through nat, however users on the 10.93.100.0 subnet cannot connect with this NAT entry in place. If i take the entry out, all users on all subnets can connect again (obviously external users cannot)

I am thinking i need to set up an access list for the NAST setup, but am not really sure.

Thanks in advance!
0
Comment
Question by:digitalts
1 Comment
 
LVL 5

Accepted Solution

by:
rexxus earned 750 total points
ID: 23610857
I think I understand the problem.

With the static NAT in place external users can connect, to be expected, but VPN users cannot.  This indicates the NAT statement is being used in preference to the site to site VPN config.

If you configure route map based NAT'ing I think it should sort you out.  Have a look at the following to get an idea what you may need:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html

Basically, you want to match when a user from 10.93.100.0 is accessing the server and not NAT so the traffic traverses the VPN, but do NAT when anyone else accesses the server.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Is your computer hacked? learn how to detect and delete malware in your PC
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question