Port forwarding and IPSEC VPNs

ryan.neil
Level 1

Hi,

 

I have a Cisco 1921 which has the following Port Forwarding setup.

 

ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.15.1.2 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 10.15.1.33 8001 interface GigabitEthernet0/0 8001
ip nat inside source static tcp 10.15.1.33 8002 interface GigabitEthernet0/0 8002
ip nat inside source static udp 10.15.1.33 8001 interface GigabitEthernet0/0 8001
ip nat inside source static udp 10.15.1.33 8002 interface GigabitEthernet0/0 8002
ip nat inside source static tcp 10.15.1.4 443 interface GigabitEthernet0/0 9696
ip nat inside source static tcp 10.15.1.9 8081 interface GigabitEthernet0/0 8081

 

The issue is with the following Port Forward

ip nat inside source static tcp 10.15.1.9 8081 interface GigabitEthernet0/0 8081

 

This is accessible externally; however, the site has the following site-to-site VPN.

show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
4*.2**.*.** 81.138.***.** QM_IDLE 1105 ACTIVE

 

crypto map CMAP 10 ipsec-isakmp
set peer 81.138.***.**
set transform-set SKENE
match address 101

 

interface GigabitEthernet0/0
description WAN
ip address 4*.**.6.*** 255.255.255.***
ip access-group WAN_IN in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP

 

This has the following ACL

access-list 100 deny ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255
access-list 100 permit ip 10.15.1.0 0.0.0.255 any
access-list 101 permit ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255

 

IPSEC FLOW: permit ip 10.15.1.0/255.255.255.0 10.15.4.0/255.255.255.0
Active SAs: 2, origin: crypto map

 

The problem is I need to get the port forwarding to work over the VPN from 10.15.4.0, and I am unsure how to get this to work. Does anybody have any advice? Would this need a route map of some sort?

 

Any help would be greatly appreciated.

Regards

Ryan Neil
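
An added example, not part of the original post or any Cisco tooling: a small Python audit of the configuration quoted in the question. It lists the static port forwards whose inside host is also a source in the crypto map's ACL. IOS applies inside-to-outside NAT before it evaluates the crypto map, and `access-list 100` only governs the overload rule, so replies from those host/port pairs to 10.15.4.0/24 are translated and miss the tunnel. The function names and the regex-based parsing are assumptions made for this illustration, and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# NAT, ACL and crypto map lines copied from the post (subset of the static entries).
CONFIG = """\
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.15.1.2 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 10.15.1.4 443 interface GigabitEthernet0/0 9696
ip nat inside source static tcp 10.15.1.9 8081 interface GigabitEthernet0/0 8081
access-list 100 deny ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255
access-list 100 permit ip 10.15.1.0 0.0.0.255 any
access-list 101 permit ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 match address 101
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)", re.M)
PERMIT_RE = re.compile(
    r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)[ \t]*$", re.M)


def wildcard_net(addr, wildcard):
    """Convert an IOS address + contiguous wildcard mask into an ip_network."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")


def protected_flows(config):
    """(source, destination) networks permitted by ACLs a crypto map matches on."""
    crypto_acls = set(re.findall(r"^\s*match address (\S+)", config, re.M))
    return [(wildcard_net(s, sw), wildcard_net(d, dw))
            for acl, s, sw, d, dw in PERMIT_RE.findall(config) if acl in crypto_acls]


def static_nat_in_vpn_path(config):
    """Static port forwards whose inside host is a source of a protected flow.

    The list-100 deny only exempts the overload rule; a static entry still
    rewrites replies from host:port, so they no longer match the crypto ACL.
    """
    hits = []
    for proto, host, lport, gport in STATIC_RE.findall(config):
        for src, dst in protected_flows(config):
            if ipaddress.ip_address(host) in src:
                hits.append((proto, host, int(lport), int(gport), str(dst)))
    return hits


if __name__ == "__main__":
    for hit in static_nat_in_vpn_path(CONFIG):
        print("static NAT applies to VPN-bound replies:", hit)
```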


Hello

For NAT to work over VPN, NAT-T needs to be supported (IPSEC passthrough). Can you confirm whether both your VPN devices support this?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul