Solved: Re: IPSEC Tunnel & Port fowarding problems

pmcallion · ‎08-17-2005

Hi,

I have a couple of 837 Routers connecting two sites using an IPSEC tunnel.

At one of the sites i have a static NAT port fowarded to an internal IP

ie.

ip nat inside source static tcp 192.168.57.100 3389 interface Dialer0 3389

to foward RDP from the internet to an internal computer.

The user can access his computer when using the public IP, but if he tries to access it from the other site using the internal LAN IP he can't

Any suggestions

shijogeorge · ‎08-22-2005

Hi,

Your config NATs 192.168.57.100 over the VPN tunnel as well. Two options to access this IP over VPN would be.

1.) Use the NAT IP itself over the VPN tunnel which is working for you currently.

2.) Use policy NAT so that traffic over the VPN tunnel is exempted from NAT. Your NAT statement in this case would look something like this.

ip nat inside source static tcp 192.168.57.100 3389 interface Dialer0 3389 route-map

access-list 101 deny ip host 192.168.57.100

access-list 101 permit ip host 192.168.57.100 any

route-map permit 10

match ip address 101

HTH

Regards,

Shijo George.

b.hsu · ‎08-22-2005

Can you ping or traceroute the internal LAN IP??

shijogeorge · ‎08-22-2005

Hi,