NAT Rule to allow access to correct server

Keith Uhlmann
Level 1

I've got an application that runs on an internal server. When connected to the LAN, users can connect to this server IP via port 211. When connected to VPN they cannot. 

I did a tracert to determine where the traffic was going. When connected to the LAN, there is 1 hop to the IP address. When connected to the VPN, there are two hops via another IP and then the IP of the server we need. How can I NAT a rule to allow traffic for the correct server to get where it needs to go?

 

Here are the IPs concerned.

 

192.168.1.120 is the server I need to connect to via port 211. This works fine when on the LAN.

When I am on VPN, the first hop is xx.xx.xx.xx (our external IP) and then 192.168.1.120. How can I translate the traffic to hit 192.168.1.120 rather than the external IP? Is this even possible?

 


johnd2310
Level 8

Hi,

Will need more info on your setup. Are you using Cisco ASA for VPN? What is the configuration of the VPN device?

 

Thanks

John

**Please rate posts you find helpful**

The VPN connects to our Cisco 887 and then from there hits the ASA. The ports are all open as far as I can tell for VPN traffic.

Let me explain a bit further. I have a server that runs an application that can be accessed via port 211. This works fine when on the LAN. However, when connected via VPN it doesn't connect. The Wireshark traffic indicates that a connection request is submitted and then acknowledged, but it doesn't make the final connection. I then get connection resets.
