08-17-2005 03:45 AM - edited 02-21-2020 01:54 PM
Hi,
I have a couple of 837 Routers connecting two sites using an IPSEC tunnel.
At one of the sites i have a static NAT port fowarded to an internal IP
ie.
ip nat inside source static tcp 192.168.57.100 3389 interface Dialer0 3389
to foward RDP from the internet to an internal computer.
The user can access his computer when using the public IP, but if he tries to access it from the other site using the internal LAN IP he can't
Any suggestions
Solved! Go to Solution.
08-22-2005 09:03 PM
Hi,
Your config NATs 192.168.57.100 over the VPN tunnel as well. Two options to access this IP over VPN would be.
1.) Use the NAT IP itself over the VPN tunnel which is working for you currently.
2.) Use policy NAT so that traffic over the VPN tunnel is exempted from NAT. Your NAT statement in this case would look something like this.
ip nat inside source static tcp 192.168.57.100 3389 interface Dialer0 3389 route-map
access-list 101 deny ip host 192.168.57.100
access-list 101 permit ip host 192.168.57.100 any
route-map
match ip address 101
HTH
Regards,
Shijo George.
08-22-2005 02:42 PM
Can you ping or traceroute the internal LAN IP??
08-22-2005 09:03 PM
Hi,
Your config NATs 192.168.57.100 over the VPN tunnel as well. Two options to access this IP over VPN would be.
1.) Use the NAT IP itself over the VPN tunnel which is working for you currently.
2.) Use policy NAT so that traffic over the VPN tunnel is exempted from NAT. Your NAT statement in this case would look something like this.
ip nat inside source static tcp 192.168.57.100 3389 interface Dialer0 3389 route-map
access-list 101 deny ip host 192.168.57.100
access-list 101 permit ip host 192.168.57.100 any
route-map
match ip address 101
HTH
Regards,
Shijo George.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: