03-22-2015 03:30 PM - edited 03-05-2019 01:04 AM
I've got an application that runs on an internal server. When connected to the LAN, users can connect to this server IP via port 211. When connected to VPN they cannot.
I did a tracert to determine where the traffic was going. When connected to the LAN, there is 1 hop to the IP address. When connected to the VPN, there are two hops via another IP and then the IP of the server we need. How can I NAT a rule to allow traffic for the correct server to get where it needs to go?
Here are the IPs concerned.
192.168.1.120 is the server I need to connect to via port 211. This works fine when on the LAN.
When I am on VPN, the first hop is xx.xx.xx.xx (our external IP) and then 192.168.1.120. How can I translate the traffic to hit 192.168.1.120 rather than the external IP? Is this even possible?
03-22-2015 06:14 PM
Hi,
Will need more info on your setup. Are you using Cisco ASA for VPN? What is the configuration of the VPN device?
Thanks
John
03-22-2015 08:25 PM
The VPN connects to our Cisco 887 and then from there hits the ASA. The ports are all open as far as I can tell for VPN traffic.
03-23-2015 12:09 PM
Let me explain a bit further. I have a server that runs an application that can be accessed via port 211. This works fine when on the LAN. However, when connected via VPN it doesn't connect. The Wireshark traffic indicates that a connection request is submitted and then acknowledged, but it doesn't make the final connection. I then get connection resets.