trying to access external IP address of NAT'ed out server from VPN tunnel

ChuckHaynes
Level 3

We have lots of IPSec tunnels that connect our main site to remote sites using internal (private) IP addresses on both ends. All of these locations are working fine. We were recently tasked with creating a VPN tunnel for a certain company, but this time it was different. They wanted a couple of their external (routable) IP addresses in the tunnel on their side and a server on our side that has been NAT'ed out. The tunnel came up and I can ping their servers fine from my server. However, they cannot ping my server from their server. They can see their outgoing packets increasing, but not their incoming packets. I believe this is a problem with how I have NAT set up on our end. I did some reading and see mentions of "U-turns", but I haven't been able to figure it out. Please note, we have other servers that are NAT'ed out and they can be accessed fine from outside. In fact, the server in question can be accessed fine from outside - the problem only occurs when the specific company tries to access it from within their VPN tunnel. Any help would be greatly appreciated. Thanks.

2 Replies

Hello

Is it possible that the return server traffic is getting routed/NAT'ed to the outside instead of going back over the VPN?

Have a look at this link from Jon Marshall; it could be useful.

https://supportforums.cisco.com/discussion/12544291/ipsec-ip-nat-inside-source-static

res

paul


Kind Regards
Paul

I guess it's possible. How can I check that?