Solved

Cisco router 87x - Combining NAT & VPNs

Posted on 2009-05-15
10
492 Views
Last Modified: 2013-11-16
Hi,

We have Cisco 87x routers and 2 sites lets call them siteA and siteB.  There is a Cisco VPN tunnel between siteA and siteB setup using the SDM Wizard.

The problem we have is if we create any incoming NAT rules like the following -
At SiteA incoming NAT rule for SMTP to 192.168.0.1
Then from SiteB no-one can connect to SMTP at 192.168.0.1

This is the same for any NAT rule I create coming into SiteA then becomes unavailable for SiteB users.  Why is this?  What can I do about it?

Thankyou


0
Comment
Question by:nmxsupport
  • 5
  • 5
10 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24397632
You can exclude the servers from NAT when talking to the SiteB subnet.

For example:

conf t
ip access-list ext static-no-nat
deny ip any 192.168.x.0 0.0.0.255   <--site B subnet
permit ip any any

route-map static-no-nat permit 10
 match ip address static-no-nat

no ip nat inside source static tcp 192.168.0.1 25 x.x.x.x 25
ip nat inside source static tcp 192.168.0.1 25 x.x.x.x 25 route-map static-no-nat
0
 

Author Comment

by:nmxsupport
ID: 24397778
Unfortunately it looks like the 800 series routers may not support the "route-map" command
I tried but it said % invalid input at the "route-map" command
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24397795
The route-map on the static NAT statement or just adding the route-map?
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:nmxsupport
ID: 24403074
It was the route-map on the static NAT statement
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24404503
Yeah, figured, you'll need to upgrade for it to work.  Can you post a "show version"?
0
 

Author Comment

by:nmxsupport
ID: 24410116
I found out the route-map command is not valid with my static IP addresses with the following line
ip nat inside source statip tcp 192.168.1.1 25 interface Dialer0 25
but will work with the following
ip nat inside source static tcp 192.168.1.1 25 81.201.22.11 25  
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24411070
Yeah, sorry, should have mentioned.  I assumed you were specifying an IP address.  Does it take care of the issue using that config?
0
 

Author Comment

by:nmxsupport
ID: 25550260
I have overlooked this issue I will have another go if JFrederick29 is still available to assist?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 25550395
Yep, I am available.  Let me know if that config works.
0
 

Author Comment

by:nmxsupport
ID: 25685846
Yes worked fine thankyou.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question