Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco router 87x - Combining NAT & VPNs

Posted on 2009-05-15
10
Medium Priority
?
502 Views
Last Modified: 2013-11-16
Hi,

We have Cisco 87x routers and 2 sites lets call them siteA and siteB.  There is a Cisco VPN tunnel between siteA and siteB setup using the SDM Wizard.

The problem we have is if we create any incoming NAT rules like the following -
At SiteA incoming NAT rule for SMTP to 192.168.0.1
Then from SiteB no-one can connect to SMTP at 192.168.0.1

This is the same for any NAT rule I create coming into SiteA then becomes unavailable for SiteB users.  Why is this?  What can I do about it?

Thankyou


0
Comment
Question by:nmxsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 24397632
You can exclude the servers from NAT when talking to the SiteB subnet.

For example:

conf t
ip access-list ext static-no-nat
deny ip any 192.168.x.0 0.0.0.255   <--site B subnet
permit ip any any

route-map static-no-nat permit 10
 match ip address static-no-nat

no ip nat inside source static tcp 192.168.0.1 25 x.x.x.x 25
ip nat inside source static tcp 192.168.0.1 25 x.x.x.x 25 route-map static-no-nat
0
 

Author Comment

by:nmxsupport
ID: 24397778
Unfortunately it looks like the 800 series routers may not support the "route-map" command
I tried but it said % invalid input at the "route-map" command
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24397795
The route-map on the static NAT statement or just adding the route-map?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:nmxsupport
ID: 24403074
It was the route-map on the static NAT statement
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24404503
Yeah, figured, you'll need to upgrade for it to work.  Can you post a "show version"?
0
 

Author Comment

by:nmxsupport
ID: 24410116
I found out the route-map command is not valid with my static IP addresses with the following line
ip nat inside source statip tcp 192.168.1.1 25 interface Dialer0 25
but will work with the following
ip nat inside source static tcp 192.168.1.1 25 81.201.22.11 25  
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24411070
Yeah, sorry, should have mentioned.  I assumed you were specifying an IP address.  Does it take care of the issue using that config?
0
 

Author Comment

by:nmxsupport
ID: 25550260
I have overlooked this issue I will have another go if JFrederick29 is still available to assist?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 25550395
Yep, I am available.  Let me know if that config works.
0
 

Author Comment

by:nmxsupport
ID: 25685846
Yes worked fine thankyou.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question