Configuring IPsec Tunnel with dynamic and static NAT

jfontes · ‎04-12-2006

Hi,

I have a 836 router with a IPSec tunnel, dynamic NAT and simultaneously static

one-to-one Port Static NAT to a inside server on port 25 (smtp), using the dialer 1

interface IP Address. When I configure the static NAT, the configuration is

accepted:

ip nat inside source list 170 interface Dialer1 overload

ip nat inside source static tcp 192.168.1.200 25 83.240.130.6 25 route-map

NONAT extendable

and if we see the show ip nat translations, it shows correctly the NAT on port 25:

Lusotufo_Seia#sh ip nat translations

Pro Inside global Inside local Outside local Outside

global

tcp 83.x.x.6:25 192.168.1.200:25 194.65.14.186:1439

194.65.14.186:1439

tcp 83.x.x.6:23 192.168.1.254:23 194.65.147.166:11333

194.65.147.166:11333

tcp 83.x.x.6:25 192.168.1.200:25 --- ---

Lusotufo_Seia#

But when we issue the running configuration the command shows a static NAT not Port Static NAT, and if the router reloads we lost remote access to router, because the static NAT directs all traffic to the inside server:

ip nat inside source list 170 interface Dialer1 overload

ip nat inside source static 192.168.1.200 83.x.x.6 route-map NONAT extendable

It possible to change this behavior, using only the interface Dialer 1 public IP

address?

Regards,

Joao Fontes

smalkeric · ‎04-18-2006

This URL should help you:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml