NAT Rule to allow access to correct server

Keith Uhlmann
Level 1

I've got an application that runs on an internal server. When connected to the LAN, users can connect to this server IP via port 211. When connected to VPN they cannot. 

I did a tracert to determine where the traffic was going. When connected to the LAN, there is 1 hop to the IP address. When connected to the VPN, there are two hops via another IP and then the IP of the server we need. How can I NAT a rule to allow traffic for the correct server to get where it needs to go?


Here are the IPs concerned. is the server I need to connect to via port 211. This works fine when on the LAN.

When I am on VPN, the first hop is xx.xx.xx.xx (our external IP) and then How can I translate the traffic to hit rather than the external IP? Is this even possible?


Level 8


Will need more info on your setup. Are you using a Cisco ASA for VPN? What is the configuration of the VPN device?




The VPN connects to our Cisco 887 and then from there hits the ASA. The ports are all open as far as I can tell for VPN traffic.

Let me explain a bit further. I have a server that runs an application that can be accessed via port 211. This works fine when on the LAN. However, when connected via VPN it doesn't connect. The Wireshark traffic indicates that a connection request is submitted and then acknowledged, but it doesn't make the final connection. I then get connection resets.

