02-04-2013 08:05 PM - edited 03-04-2019 06:56 PM
I have a single public IP address. Maybe in the near future I will procure multiple public IP addresses so I have more flexibility in my configuration, but for now I am tasked with making this work.
I have forwarded multiple UDP ports to my 3CX PBX using a route map, but every time I do, it brings down my IPSEC transport protecting my GRE tunnels. I am unsure of the reason for this. Below are some portions of my config.
ip nat inside source list 1 interface FastEthernet0/1 overload
-snipped for brevity-
ip nat inside source static tcp 172.16.1.131 3389 <public> 3389 extendable
ip nat inside source static udp 172.16.1.131 5060 <public> 5060 extendable
ip nat inside source static tcp 172.16.1.131 5090 <public> 5090 extendable
ip nat inside source static udp 172.16.1.131 5090 <public> 5090 extendable
ip nat inside source static 172.16.1.131 <public> route-map PBX
route-map PBX permit 10
match ip address 106
access-list 106 permit udp any any range 9000 9094
When I apply the last static nat statement my IPSEC tunnel will go down.
show crypto session indicates DOWN-NEGOTIATING & I lose my OSPF adjacency.
Any ideas?
02-04-2013 09:21 PM
Hi,
Edit your ACL 106 to deny traffic between your public IP (IPsec peer) and the remote-end IPsec peer.
Hopefully this will solve your problem.
HTH.
02-05-2013 10:52 AM
Syed,
Thank you for the reply.
I have changed ACL 106 to the following:
Extended IP access list 106
10 deny ip host
20 deny ip host
30 deny ip any 172.16.254.0 0.0.0.3 <--tunnel point to point link
40 deny ip any 172.16.2.0 0.0.0.255 <--remote networks
50 permit udp any any range 9000 9094
As you can see, sequence 20 is getting matches, but the IPSEC is still down.
I am unsure of the implications of using the route map on the end of that static NAT statement, i.e., what am I telling the router to do? Perhaps uncovering that will help me discover the solution.
Regards
02-05-2013 09:27 PM
Hi Evan,
Please post the entire configuration.
Thank you.
02-06-2013 08:56 AM