Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
966
Views
0
Helpful
0
Comments

The VPN client is unable to access the internal host configured for static NAT on the router

TCC_2
Level 10
Level 10

on ‎06-22-2009 06:13 PM

Core issue

This issue can occur when the vpn pool range of addresses are not explicitly denied from being translated when leaving the router.

Resolution

In order to resolve this issue, issue the route-map command for static translation. Translation decisions can be made based on the destination IP address when static translation entries are used.


For example, if the router has this configuration:


Servers internal ip address: 10.1.1.3
Servers global ip address: 192.168.1.1
VPN client-pool: 192.168.36.1 192.168.36.254
Nat statement: ip nat inside source static 10.1.1.3 192.168.1.1


Then, this example shows the use of the route-map command with static NAT translations:


ip nat inside source static 10.1.1.3 192.168.1.1  route-map < nonat >

access-list 150 deny  ip host 10.1.1.3 192.168.36.0 0.0.0.255

access-list 150 permit ip host 10.1.1.3 any

route-map nonat permit 10
match ip address 150


Note: This feature was introduced in Cisco IOS  version 12.2(4)T.

Refer to NAT - Ability to Use Route Maps with Static Translations for additional help with how to configure route maps with static translations.

Problem Type

Connectivity to the device

Product Family

Routers

VPN - hardware & software clients

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents