Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
509
Views
0
Helpful
4
Replies

Static nat and vpn issue

carllougher
Level 1
Level 1

‎01-12-2007 04:04 AM - edited ‎02-21-2020 02:48 PM

I have a static nat for inbound smtp traffic and inbound vpn smtp traffic no longer works even though my access list denys vpn traffic being natted.

Config attached.

Any way around this?

Taf..

Labels:
Preview file
8 KB
0 Helpful
4 Replies 4

andyjames
Level 1
Level 1

‎01-12-2007 08:44 AM

Are you going to use the vpn for SNMP traffic only?

If so take the translation off.

If not would need to see config for remote end also.

Andy.

0 Helpful

carllougher
Level 1
Level 1
In response to andyjames

‎01-12-2007 09:03 AM

Smtp required for both external and vpn access. The issue is that the inbound vpn smtp traffic trys to use the Nat rule and therefore doesnt work.

I cant see anyway around this and it doesnt do it with a pix.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎01-12-2007 09:05 AM

You need to do policy routing. This link should help.

http://www.enterastream.com/whitepapers/cisco/pix/pix-practical-guide.html

0 Helpful

carllougher
Level 1
Level 1
In response to Collin Clark

‎01-12-2007 09:38 AM

I dont see how policy routing or routemaps are going to make any difference because the traffic is still getting forwarded to the same interface ie the dialer interface. Only difference is that it needs to go through the VPN. In the config attached there is an access-list which denys traffic to the vpn from going through the nat translation but for some reason this doesnt apply if there is a static nat applied.

0 Helpful
Customers Also Viewed These Support Documents