I have a single public IP address. Maybe in the near future I will procure multiple public IP addresses so I have more flexibility in my configuration, but for now I am tasked with making this work.
I have forwarded multiple UDP ports to my 3CX PBX using a route map, but every time I do, it brings down my IPSEC transport protecting my GRE tunnels. I am unsure of the reason for this. Below are some portions of my config.
ip nat inside source list 1 interface FastEthernet0/1 overload
-snipped for brevity-
ip nat inside source static tcp 172.16.1.131 3389 <public> 3389 extendable
ip nat inside source static udp 172.16.1.131 5060 <public> 5060 extendable
ip nat inside source static tcp 172.16.1.131 5090 <public> 5090 extendable
ip nat inside source static udp 172.16.1.131 5090 <public> 5090 extendable
ip nat inside source static 172.16.1.131 <public> route-map PBX
route-map PBX permit 10
 match ip address 106
access-list 106 permit udp any any range 9000 9094
When I apply the last static NAT statement, my IPSEC tunnel will go down.
show crypto session indicates DOWN-NEGOTIATING & I lose my OSPF adjacency.
Thank you for the reply.
I have changed ACL 106 to the following:
Extended IP access list 106
10 deny ip host
20 deny ip host
30 deny ip any 172.16.254.0 0.0.0.3 <--tunnel point to point link
40 deny ip any 172.16.2.0 0.0.0.255 <--remote networks
50 permit udp any any range 9000 9094
As you can see, sequence 20 is getting matches, but the IPSEC is still down.
I am unsure of the implications of using the route map on the end of that static NAT statement, i.e., what am I telling the router to do? Perhaps uncovering that will help me discover the solution.