trying to access external IP address of NAT'ed out server from VPN tunnel

ChuckHaynes · ‎11-08-2015

We have lots of IPSec tunnels that connect our main site to remote sites using internal (private) IP addresses on both ends. All of these locations are working fine. We were recently tasked with creating a VPN tunnel for a certain company, but this time it was different. They wanted a couple of their external (routable) IP address in the tunnel on their side and a server on our side that has been NAT'ed out. The tunnel came up and I can ping their servers fine from my server. However, they cannot ping my server from their server. They can see their outgoing packets increasing, but not their incoming packets. I believe this is a problem with how I have NAT setup on our end. I did some reading an see mentions of "U-turns", but I haven't been able to figure it out. Please note, we have other servers that are NAT'ed out and they can be access fine from outside. In fact, the server in question can be accessed fine from outside - the problem only occurs when the specific company tried to access it from within their VPN tunnel. Any help would be greatly appreciated. Thanks.

paul driver · ‎11-10-2015

Hello

Is it possible be the return server traffic getting routed/natted to the outside instead of going back over the vpn?

Have a look at this link from Jon Marshall it could be useful

https://supportforums.cisco.com/discussion/12544291/ipsec-ip-nat-inside-source-static

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ChuckHaynes · ‎11-10-2015

I guess it's possible. How can I check that?