traffic blocked on VPN interface with NAT entry on WAN interface

tomlord71
Level 1
Level 1

Hi All,

We have a Cisco 1841 and are having trouble configuring NAT entries.

The router is set up with a WAN interface and IPSEC VPN interfaces. Email has been delivered through the VPN interface to the Exchange server, but now we are needing to deliver mail over the WAN interface.

We have tried using the following command to add a NAT entry for port 25 via the WAN interface:

ip nat inside source static tcp 192.168.92.4 25 xxx.xxx.xxx.xxx 25 extendable

(the x's are the external IP address)

This works correctly in that we can receive mail externally, however this also blocks port 25 over the VPN connection.

Are we approaching this the right way or should we be using a different method? What other information do we need to provide to help troubleshoot?

Thanks in advance for any help you can provide

1 Accepted Solution

Accepted Solutions

jgraafmans
Level 1
Level 1

You can use a route-map in the NAT statement to tell the router when traffic should be translated and when not:

For example, if you have a VPN tunnel between subnet 192.168.92.0/24 and 10.0.0.0/24, your config would look like this:

! Deny = do NOT translate: traffic going into the VPN tunnel.
! Permit = translate: everything else from the inside subnet.
! Order matters: the deny line must come before the permit line.
access-list 101 deny ip 192.168.92.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 192.168.92.0 0.0.0.255 any

route-map DONAT permit 10
 match ip address 101

ip nat inside source static tcp 192.168.92.4 25 xxx.xxx.xxx.xxx 25 route-map DONAT extendable

This way, traffic from 192.168.92.0/24 to 10.0.0.0/24 will not be translated; all other traffic will.

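To make the accepted answer concrete, here is a small added model (not code from the thread or from Cisco) of how the route-map gates the static NAT entry. It reproduces the IOS wildcard-mask match, first-match ACL evaluation with the implicit trailing deny, and the route-map rule that a permit sequence matches only when its ACL returns permit. The addresses are the thread's 192.168.92.0/24 and 10.0.0.0/24; the public address 203.0.113.10 is a constructed placeholder for the xxx.xxx.xxx.xxx in the post, and the function names are my own.

```python
import ipaddress

# Constructed example: inside host, the public address used for the static
# NAT (placeholder; the original post redacts it), and the VPN remote subnet.
INSIDE_LOCAL = "192.168.92.4"
INSIDE_GLOBAL = "203.0.113.10"


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard-mask match: bits set to 1 in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


# access-list 101 as in the accepted answer, entry order preserved.
# 'any' is the same as network 0.0.0.0 with wildcard 255.255.255.255.
ACL_101 = [
    ("deny",   "192.168.92.0", "0.0.0.255", "10.0.0.0", "0.0.0.255"),
    ("permit", "192.168.92.0", "0.0.0.255", "0.0.0.0",  "255.255.255.255"),
]


def acl_action(acl, src: str, dst: str) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action
    return "deny"


def route_map_permits(acl, src: str, dst: str) -> bool:
    """route-map DONAT permit 10 / match ip address <acl>:
    the sequence matches only when the ACL result is 'permit'; an ACL deny
    means 'no match', so the packet falls through and is left untranslated."""
    return acl_action(acl, src, dst) == "permit"


def nat_source_without_route_map(src: str, dst: str) -> str:
    """The original poster's entry: static NAT with no route-map.
    Every packet from the inside host is translated, including VPN traffic,
    which is why port 25 over the tunnel broke."""
    return INSIDE_GLOBAL if src == INSIDE_LOCAL else src


def nat_source_with_route_map(src: str, dst: str, acl=ACL_101) -> str:
    """The accepted answer's entry: translate only when the route-map permits."""
    if src == INSIDE_LOCAL and route_map_permits(acl, src, dst):
        return INSIDE_GLOBAL
    return src


if __name__ == "__main__":
    vpn_peer, internet_host = "10.0.0.25", "198.51.100.7"
    for dst in (vpn_peer, internet_host):
        print(f"{INSIDE_LOCAL} -> {dst}: "
              f"no route-map={nat_source_without_route_map(INSIDE_LOCAL, dst)}, "
              f"with route-map={nat_source_with_route_map(INSIDE_LOCAL, dst)}")
```

Running the script shows the difference the route-map makes: towards the VPN subnet the source stays 192.168.92.4, towards the Internet it becomes the public address. Swapping the two ACL lines (passing `list(reversed(ACL_101))` as `acl`) makes the permit line match first, and the VPN traffic gets translated again, which is the check worth doing on the real router with `show access-lists` and `show ip nat translations` after the change.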

2 Replies


Thank you very much for your reply, that has resolved our issue.... time for me to go and read up on route-maps!