02-12-2007 02:46 PM - edited 02-21-2020 01:24 AM
We have several stores with cisco 801 series ISDN routers. We have a VPN setup so that we can PCAnywhere in to our store computers through our internal addresses. Recently we found the need to be able to PC anywhere into our stores from an external location. So, I setup a NAT to go like this
ip nat inside source static tcp 192.168.12.100 5631 207.224.xxx.xxx 5631
ip nat inside source static udp 192.168.12.100 5632 207.224.xxx.xxx 5632
this was fine to access our computers through an external IP, however we are not able to access them through our internal IP. Is there some way I can add another NAT command or access list command to the config so that we can PCAnywhere in from outside AND inside our VPN.
Thank you
02-16-2007 01:07 PM
Use the following command to do PAT in 801:
ip nat inside source {list { access-list-number | name} pool name [overload] }
Example:
ip nat inside source list 20 interface serial 0 overload
// where 20 is an access list.
Remember to set your nat inside and outside interfaces.
02-21-2007 04:19 AM
Hi,
In IOS, the static NAT takes precedence over any other NAT.
So you need to do policy routing in this case.
Create an access-list :
access-list 101 permit ip 192.168.12.0 0.0.0.255
Create loopback intf :
int loopback 1
ip address 1.1.1.1 255.255.255.0
exit
Createa route map :
route map policy permit 10
match ip address 101
set interface loopback 1
exit
Appy the route-map on the LAN interface :
int fasteth0/0
ip policy route-map policy
exit
That should do it !
Let me know if you have some question.
-Kanishka
02-21-2007 09:35 AM
Hi Kanishka,
I had a similar problem and yes, I was able to get around it using the policy routing with the int loopback
my problem now is that I would love to know why. I would like to understand the inner details about this fix. I have several configurations and one of them had this work-around, so all I did was apply the same commands... but again, I'd love to know why this method of sort of lying to the router works
any explanations, links, etc will be really appreciated
thanks
11-18-2010 08:45 AM
Just an FYI.. If you're using a newer version of IOS and this does not appear to be working, replace "set interface loopback X" with "set default interface loopback X".
That fixed it for me.
Thanks,
Frank
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide