
Help with Static NAT!!!

Kasiraman S
Level 1

Hello All,

I'm working with my lab router 1760 and I have two PCs sitting behind it (INSIDE). My RTR is acting as an EzVPN server and helps the roaming clients access the server remotely through client VPN. I would also like to configure static NAT to access the 2 PCs sitting behind the RTR through unencrypted traffic (in case people can't use VPN).

If I add the static NAT entry to allow the traffic from the internet, it causes an issue for my VPN clients, because the static NAT always takes effect and the reverse traffic from the PC is not able to reach the VPN clients. I'm not able to exempt the traffic from the PC to the EzVPN client IP in the NAT entry. Please help me solve the problem.

Please find the topology for reference and let me know if you require any further information.

Thanks,

Kasi

Accepted Solutions

andrew.prince
Level 10

You just need to configure a no-nat rule for the traffic from the PCs to the DHCP pool of addresses for the VPN client.

And 2 static NATs for the PCs when they access anything not from the DHCP pool for the VPN client.

HTH

Hi Andrew,

Thanks for your input. But I do not understand about the no-nat. Are you asking me to add an ACL to deny the traffic from the PC to the VPN client's IP?

I have got some idea now.

Can I use the below command? Would that help?

__________________________________________________________________________

ip nat inside source static tcp 3389 3381 route-map RDP
!
route-map RDP permit 10
 match ip address RDP
!
ip access-list exten RDP
 10 deny ip
 20 permit ip any

PLEASE ADVISE.

Great thanks,

Kasi

That is a possible way - I personally would go with a route-map, for me it enables a more granular way of flexibility for translation.

JMTPW

HTH
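
The no-NAT rule discussed in the posts above, written out as a complete IOS configuration. This is an added example, not configuration from any poster in this thread. Every address in it is constructed for illustration (the thread's own addresses are not shown), and it assumes an IOS release that supports route maps on static translations.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   192.168.1.10, 192.168.1.11    the two inside PCs
!   192.168.100.0/24              address pool handed to EzVPN clients
!   203.0.113.10, 203.0.113.11    public addresses (documentation range)
!
! ACL referenced by the route-map. A "deny" here means "do not translate":
! traffic from the PCs to the VPN client pool keeps its inside address,
! so it can be matched by the crypto policy and returned through the tunnel.
ip access-list extended NONAT-VPN
 deny   ip host 192.168.1.10 192.168.100.0 0.0.0.255
 deny   ip host 192.168.1.11 192.168.100.0 0.0.0.255
 ! Everything else sourced from the two PCs is eligible for the static NAT.
 permit ip host 192.168.1.10 any
 permit ip host 192.168.1.11 any
!
route-map NONAT-VPN permit 10
 match ip address NONAT-VPN
!
! One static translation per PC, each conditioned on the route-map so the
! translation applies only to flows the ACL permits.
ip nat inside source static 192.168.1.10 203.0.113.10 route-map NONAT-VPN
ip nat inside source static 192.168.1.11 203.0.113.11 route-map NONAT-VPN
```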

Latchum Naidu
VIP Alumni

Hi Kasi,

You need to use a different, separate public IP for NAT.
And for your Easy VPN the IP should be a different one.

Please configure your NAT statement like below and see.
ip nat inside source static 10.10.10.10 202.202.202.202 extendable

Please rate the helpful posts.

Regards,
Naidu.