
1711 FW-VPN-NAT problem

gary.wilcox
Level 1

I am using a 1711 Security router to connect a small network to the Internet. Internet side is using a single IP address (NAT overload). The router is also an Easy VPN server for a number of PC clients. I want to allow incoming connections for mail (port 25) to static NAT to an internal mail server but at the same time allow the VPN users to access port 25 directly, with no NAT translations. I am using an "ip nat inside source route-map vpn-map interface fastethernet 0 overload" statement to exclude inside network to VPN connections from being NAT'ed. If I then add an "ip nat inside source static inside.ip 25 outside.ip 25" statement I can access the mail server from outside but lose the ability to access the mail server port 25 from a VPN. It seems I need to exclude the static statement from the inside to VPN but can't seem to figure out how to get it right.

1 Reply

gfullage
Cisco Employee

This'll get you going:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Note this is for a router-to-router tunnel, but the NAT concepts are exactly the same.