I have the following scenario:
A Cisco router from the ISP and an internal network. The ISP configured VPN on the router.
VPN works fine, except when I want to ping a certain server in the internal network (it is a Lotus Domino mail server).
When I ping the mail server (192.168.100.1) over VPN I get a response from the router's external IP.
But when I ping another server (192.168.100.2 - DC) the response is correct!
How strange is this?
Can there be a DNS cache on the router?
There is a static NAT for mail to 192.168.100.1. Can this be a problem? (Would be very strange.)
Does anybody have an idea?
Yes, static NAT is the issue. You are spot on!!
On the static NAT, you would need to include a route-map to deny traffic between the 2 LANs, and it will reply with the correct IP address. Otherwise, it will reply with the NATed IP.
Ok, that helped quite a lot!
But how can this happen? The static NAT is only for mail traffic (port 25). Why then is all traffic NATed (from this single host)?
What would such a route-map look like, because I have to provide access to the mail server from the VPN, but also keep the NAT for outgoing/incoming mail traffic.
access-list 123 deny ip host 192.168.100.1 <remote-VPN-subnet> <wildcard-mask>
! the remote VPN subnet is not given in the thread; substitute the LAN on the far side of the tunnel
access-list 123 permit ip host 192.168.100.1 any
route-map nonat-mail permit 10
 match ip address 123
then add the above route-map at the end of your static NAT statement
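The effect the thread describes, as an added illustration that is not part of any post here: a plain one-to-one static NAT translates every packet leaving the inside host, not just port 25, so the Domino server's ping replies go out with the router's external address, and the route-map's ACL is what exempts the LAN-to-LAN (VPN) traffic. The external IP 203.0.113.10 and the remote VPN subnet 10.10.0.0/24 are constructed placeholders.

```python
"""Simulate the IOS static-NAT decision with and without the nonat route-map.

Constructed model of the thread's setup; the external IP and the remote VPN
subnet are placeholders, not values from the thread.
"""
from ipaddress import ip_address, ip_network

INSIDE_HOST = ip_address("192.168.100.1")   # Domino mail server (from the thread)
EXTERNAL_IP = ip_address("203.0.113.10")    # placeholder: router's public address
VPN_REMOTE = ip_network("10.10.0.0/24")     # placeholder: LAN behind the VPN peer

# access-list 123, in order: (action, source host, destination network)
ACL_123 = [
    ("deny", INSIDE_HOST, VPN_REMOTE),                 # LAN-to-LAN traffic: no NAT
    ("permit", INSIDE_HOST, ip_network("0.0.0.0/0")),  # everything else: NAT
]


def acl_matches(acl, src, dst):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, host, net in acl:
        if src == host and dst in net:
            return action
    return "deny"


def translate_source(src, dst, use_route_map=True):
    """Return the source address a packet from src to dst carries after NAT.

    A one-to-one static NAT applies to all protocols and ports of INSIDE_HOST.
    With the route-map attached, the translation only happens when ACL 123
    permits the flow; a deny (or no match) leaves the address untouched.
    """
    src, dst = ip_address(src), ip_address(dst)
    if src != INSIDE_HOST:
        return str(src)                      # other hosts are not NATed at all
    if use_route_map and acl_matches(ACL_123, src, dst) != "permit":
        return str(src)                      # VPN traffic keeps the real address
    return str(EXTERNAL_IP)                  # mail and other internet traffic


if __name__ == "__main__":
    for flag in (False, True):
        print("route-map" if flag else "no route-map",
              "-> VPN peer sees reply from",
              translate_source("192.168.100.1", "10.10.0.5", flag))
```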
I believe this is to do with your internal DNS server. Please do an nslookup (i.e. for the MX record) on your PC for your
Domino mail server and see what IP your internal DNS server resolves for the MX record.