port forwarding to VPN LAN

JamesS4
Level 1

Hi All,

I have a rather convoluted issue, which I think may have a very quick solution, but I do not have the expertise to figure this out.

We have our own local network (let's call it Network 1) connecting to two vendor networks.

One connects via direct point to point connection (Network 2). They have given us a 2 address transport network. We route to their end and they handle the traffic from there. They route back to our Network 1 network ONLY. If we want to use any other network, we have to NAT overload.

The other vendor LAN connects via VPN over Internet, which is NATed to our external public IP, by their requirement (Network 3).

Network 1: 172.30.50.xxx

Network 2: 10.9.21.xxx

Network 3: 172.40.100.xxx

Network 3 Transport: 172.40.200.xxx

So on our local router, for traffic from Network 1 to Network 3, we have a static route: ip route 10.9.21.0 255.255.255.0 [Internet next hop]

For traffic from Network 1 to Network 2, we have another static route: ip route 172.40.100.0 255.255.255.240 172.40.200.101.

Network 1 can talk to Network 2 and Network 3 with no issue. Network 2 can talk to Network 1 directly. Network 3 can talk to Network 1 via the public IP and port forwarding.

So the issue is, we want Network 2 and Network 3 to be able to talk to each other via Network 1 router. I have tried to set up port forward rules going both ways.

This rule is intended for Network 3 to talk to Network 2:

ip nat inside source static tcp 172.40.100.3 22 [Network 1 public IP] 22 extendable

This rule is intended for Network 2 to talk to Network 3, by giving it a static Network 1 NAT:

ip nat inside source static tcp 10.9.21.3 22 172.30.50.60 22 extendable

But neither of these works. Traceroute shows that they do reach the Network 1 router, but that's as far as it goes.

Hopefully this is enough information (and not too much) to give an indication of where the issue lies.

Thanks in advance!

2 Replies

JamesS4
Level 1

I think IP NAT ENABLE may be the solution I am looking for and not doing inside/outside designations. I will come back with any results following further testing.
