
NAT over VPN Traffic

ryan.neil
Level 1

Hi,

 

I have the following issue.

 

Port 8081 on the router's public IP address needs to forward to 10.15.1.9 port 8081.

10.15.1.9 port 8081 also needs to work across the site-to-site VPN from the 10.15.4.0/24 network.

 

At the moment we have the following configured.


crypto map CMAP 10 ipsec-isakmp
set peer
set transform-set SKENE
match address 101
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
ip address
ip access-group WAN_IN in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description LAN
ip address 10.15.1.200 255.255.255.0
ip accounting output-packets
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip nat inside source static tcp 10.15.1.1 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 10.15.1.1 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 10.15.1.1 1723 interface GigabitEthernet0/0 1723
ip nat inside source static tcp 10.15.1.1 143 interface GigabitEthernet0/0 143
ip nat inside source static tcp 10.15.1.240 5090 interface GigabitEthernet0/0 5090
ip nat inside source static tcp 10.15.1.240 5003 interface GigabitEthernet0/0 5003
ip nat inside source static tcp 10.15.1.240 6001 interface GigabitEthernet0/0 6001
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.15.1.2 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 10.15.1.33 8001 interface GigabitEthernet0/0 8001
ip nat inside source static tcp 10.15.1.33 8002 interface GigabitEthernet0/0 8002
ip nat inside source static udp 10.15.1.33 8001 interface GigabitEthernet0/0 8001
ip nat inside source static udp 10.15.1.33 8002 interface GigabitEthernet0/0 8002
ip nat inside source static tcp 10.15.1.4 443 interface GigabitEthernet0/0 9696


ip nat inside source static tcp 10.15.1.9 8081 interface GigabitEthernet0/0 8081


ip nat inside source static tcp 10.15.1.7 25 185.100.69.185 25 extendable
ip nat inside source static tcp 10.15.1.7 80 185.100.69.185 80 extendable
ip nat inside source static tcp 10.15.1.7 443 185.100.69.185 443 extendable

access-list 100 deny ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255
access-list 100 permit ip 10.15.1.0 0.0.0.255 any
access-list 101 permit ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255
 

I tried adding the following; however, it seems to break the VPN, with users reporting issues using the VPN, and we are still unable to connect via that VPN to 10.15.1.9.

 
ip nat inside source route-map EX_VPN extendable interface GigabitEthernet0/0 overload

ip nat inside source static tcp 10.15.1.9 8081 46.***.*.*** 8081 route-map EX_VPN extendable

route-map EX_VPN permit 10
match ip address 101

 

Extended IP access list 100
10 deny ip 10.15.1.0 0.0.0.255 10.15.4.0 0.0.0.255 (43595250 matches)
20 permit ip 10.15.1.0 0.0.0.255 any (937381 matches)
Extended IP access list 101
10 permit ip 10.15.1.0 0.0.0.255 any (316 matches)
 
Does anyone know how to resolve this at all? Any help would be greatly appreciated.
 
 
Kind Regards
 
 
Ryan Neil
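
Added example (not part of the original post): a simplified Python model of how the posted rules treat a reply from 10.15.1.9:8081 to a host on 10.15.4.0/24, assuming IOS applies inside-to-outside NAT before the crypto map ACL check and that a route-map on a static entry limits translation to traffic it permits. `PUBLIC`, `egress` and `compare` are names made up for the example, and 203.0.113.1 is a placeholder for the WAN address the post omits.

```python
# Simplified model, not router code. ACLs 100/101 and the static entry are
# taken from the configuration listing in the post.
from ipaddress import ip_address, ip_network

LAN, REMOTE = ip_network("10.15.1.0/24"), ip_network("10.15.4.0/24")
PUBLIC = "203.0.113.1"  # constructed placeholder (documentation range)

def acl_100(src, dst):
    """deny LAN -> REMOTE, then permit LAN -> any (used by the overload rule)."""
    return ip_address(src) in LAN and ip_address(dst) not in REMOTE

def acl_101(src, dst):
    """permit LAN -> REMOTE (crypto map 'match address 101')."""
    return ip_address(src) in LAN and ip_address(dst) in REMOTE

STATIC = {("10.15.1.9", 8081)}  # the static tcp entry in question

def egress(src, sport, dst, static_route_map=None):
    """Return (source address after NAT, 'ipsec' or 'clear')."""
    static_hit = (src, sport) in STATIC and (
        static_route_map is None or static_route_map(src, dst))
    if static_hit:
        out = PUBLIC          # static entry translates, no VPN exemption
    elif acl_100(src, dst):
        out = PUBLIC          # dynamic overload (PAT)
    else:
        out = src             # exempt from NAT
    # The crypto ACL is evaluated on the post-NAT source address.
    return out, ("ipsec" if acl_101(out, dst) else "clear")

def compare(dst="10.15.4.20"):
    """Same reply packet under three variants, plus a host with no static."""
    return {
        "posted config": egress("10.15.1.9", 8081, dst),
        "route-map matching ACL 101": egress("10.15.1.9", 8081, dst, acl_101),
        "route-map matching ACL 100": egress("10.15.1.9", 8081, dst, acl_100),
        "other host, no static": egress("10.15.1.50", 50000, dst),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:28} -> {result}")
```

In this model the reply stays on its private address and matches the crypto ACL only when the static entry is conditioned on a deny-VPN, permit-any match; a match on the VPN ACL itself still translates it.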
 

 
