08-22-2010 10:55 PM - edited 03-04-2019 09:31 AM
Hi Guys
We have two Cisco 851 routers at two locations there is a VPN tunnel between both locations, Supose location A and Location B, i have some PAT rules in Location A router to access some devices form outside using port numbers e.g 10.10.11.206 port no. 35300, i can acess this device from any where but from location B i can ping this, but can't access the device if i remove the PAT rules from router A than i can access using LAN IP but if the PAT rules are there than only by WAN ip not the LAN IP, I cant understand why, there is any soloution so that i can acess my devices form from Location B using LAN IP and from outside word using WAN IP. I am Attaching the Running Config of Router A.
Solved! Go to Solution.
08-23-2010 05:26 AM
Hello,
I think you need to configure static statements with route-maps. Please try
the following:
access-list 199 deny tcp host 10.10.11.206 eq 35300 10.10.10.0 0.0.0.255
access-list 199 permit tcp host 10.10.11.206 eq 35300 any
access-list 198 deny tcp host 10.10.11.250 eq 2300 10.10.10.0 0.0.0.255
access-list 198 permit tcp host 10.10.11.250 eq 2300 any
access-list 197 deny tcp host 10.10.11.1 eq 23 10.10.10.0 0.0.0.255
access-list 197 permit tcp host 10.10.11.1 eq 23 any
access-list 196 deny tcp host 10.10.11.1 eq 8080 10.10.10.0 0.0.0.255
access-list 196 permit tcp host 10.10.11.1 eq 8080 any
Route-map Remote_1
match ip address 199
exit
Route-map Remote_2
match ip address 198
exit
Route-map Remote_3
match ip address 197
exit
Route-map Remote_4
match ip address 196
exit
no ip nat inside source static tcp 10.10.11.206 35300 interface FastEthernet4 35300
no ip nat inside source static tcp 10.10.11.250 2300 interface FastEthernet4 2300
no ip nat inside source static tcp 10.10.11.1 23 interface FastEthernet4 23
no ip nat inside source static tcp 10.10.11.1 8080 interface FastEthernet4 8080
ip nat inside source static tcp 10.10.11.206 35300
ip nat inside source static tcp 10.10.11.250 2300
ip nat inside source static tcp 10.10.11.1 23
ip nat inside source static tcp 10.10.11.1 8080
Hope this helps.
Regards,
NT
08-23-2010 05:26 AM
Hello,
I think you need to configure static statements with route-maps. Please try
the following:
access-list 199 deny tcp host 10.10.11.206 eq 35300 10.10.10.0 0.0.0.255
access-list 199 permit tcp host 10.10.11.206 eq 35300 any
access-list 198 deny tcp host 10.10.11.250 eq 2300 10.10.10.0 0.0.0.255
access-list 198 permit tcp host 10.10.11.250 eq 2300 any
access-list 197 deny tcp host 10.10.11.1 eq 23 10.10.10.0 0.0.0.255
access-list 197 permit tcp host 10.10.11.1 eq 23 any
access-list 196 deny tcp host 10.10.11.1 eq 8080 10.10.10.0 0.0.0.255
access-list 196 permit tcp host 10.10.11.1 eq 8080 any
Route-map Remote_1
match ip address 199
exit
Route-map Remote_2
match ip address 198
exit
Route-map Remote_3
match ip address 197
exit
Route-map Remote_4
match ip address 196
exit
no ip nat inside source static tcp 10.10.11.206 35300 interface FastEthernet4 35300
no ip nat inside source static tcp 10.10.11.250 2300 interface FastEthernet4 2300
no ip nat inside source static tcp 10.10.11.1 23 interface FastEthernet4 23
no ip nat inside source static tcp 10.10.11.1 8080 interface FastEthernet4 8080
ip nat inside source static tcp 10.10.11.206 35300
ip nat inside source static tcp 10.10.11.250 2300
ip nat inside source static tcp 10.10.11.1 23
ip nat inside source static tcp 10.10.11.1 8080
Hope this helps.
Regards,
NT
08-25-2010 09:25 PM
Thanks Nagaraja
Its Works
Thanks A lot
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide