Solved: Re: LAN-2-LAN, with inside NAT

glen.stewart · ‎03-15-2007

Hi All,

I have a LAN-2-LAN VPN connection back to HO from a remote site. This router also has some NAT's defined to allow access to RDP from the internet etc.

Is there a way to also allow RDP using the internal address of the server once the NAT is in place?? Currently I can only access the server using RDP via its public address.

thanks in advance

ip nat inside source static tcp 172.28.9.1 3389 interface Dialer0 3389

thanks

kaachary · ‎03-16-2007

Hi Glen,

That would work, and for this you have to use PBR ( Policy Based Routing). Assuming the remote end subnet is 192.168.1.0/24 .

Here are the steps you need to follow :

1: Create an access-list to identify the traffic :

access-list 101 permit ip host 172.28.9.1 192.168.1.0 0.0.0.255

2: Create a loopback interface :

int loopback 1

ip address 1.1.1.1 255.255.255.0

exit

3: Create a route-map for PBR :

route-map pol_nat permit 10

match ip address 101

set ip next-hop 1.1.1.2

exit

4: Apply the route map to the LAN interface :

int fasteth0/0

ip policy route-map pol_nat

exit

That should do it !!

*Please rate if helped.

-Kanishka

View solution in original post

kaachary · ‎03-16-2007

Hi Glen,

That would work, and for this you have to use PBR ( Policy Based Routing). Assuming the remote end subnet is 192.168.1.0/24 .

Here are the steps you need to follow :

1: Create an access-list to identify the traffic :

access-list 101 permit ip host 172.28.9.1 192.168.1.0 0.0.0.255

2: Create a loopback interface :

int loopback 1

ip address 1.1.1.1 255.255.255.0

exit

3: Create a route-map for PBR :

route-map pol_nat permit 10

match ip address 101

set ip next-hop 1.1.1.2

exit

4: Apply the route map to the LAN interface :

int fasteth0/0

ip policy route-map pol_nat

exit

That should do it !!

*Please rate if helped.

-Kanishka

glen.stewart · ‎03-18-2007

Thanks very much Kanishka, much appreciated.