06-26-2014 01:39 PM
Hi everyone.
I have a 2911 router configured for site-to-site VPN, and there is a web server published with static NAT.
When the static NAT is in place, the remote VPN site cannot access the web server through the VPN,
and when I remove the static NAT, the remote VPN site can access the web server through the VPN???
I need to keep both (the web server published to the internet, and remote VPN users able to access the web server through the VPN).
I'll appreciate any help!
06-27-2014 01:42 PM
Hi,
Can you try to perform a NAT identity for the server?
Create an ACL with the source and destination IP you don't want to translate, deny that in the ACL, and permit any other traffic which you want to get translated.
Create your NAT using that ACL...
Ex:
ip access-list extended NAT-ACL
 deny ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source list NAT-ACL interface <outside-interface> overload
Any traffic generated from 192.168.1.0 will not get "Natted" but 192.168.2.0 does.
Regards,
06-29-2014 01:31 AM
Hi rvarelac, thank you for the reply.
I already did that: I put deny statements in the NAT access-list excluding the VPN traffic, but the problem is still there!
--------------------------------------------------------
crypto isakmp policy 10
 encr aes
 authentication pre-share
crypto isakmp key 12344321 address 1.1.1.1
!
crypto ipsec transform-set Remote-Site esp-aes esp-sha-hmac
 mode tunnel
!
crypto map s2s 100 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set Remote-Site
 match address vpnacl
!
interface GigabitEthernet0/0
 crypto map s2s
!
Extended IP access list lantointernet
    30 deny icmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    40 deny igmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    50 deny ip 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    80 permit ip any any
06-29-2014 10:50 PM
Hi,
You can do the nat-exempt / no-nat for the VPN pool. If you do so, outside internet-to-server access would be performed by the defined static NAT, and the no-NAT rule will handle access for the VPN users.
Regards
Karthik
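
An added example, not posted by anyone in this thread: on IOS a static NAT entry is applied regardless of the deny lines in the dynamic NAT ACL, so one common way to exempt VPN traffic for a statically published server is to attach a route-map to the static entry. The ACL/route-map name STATIC-NAT-EXCEPT-VPN and the `<server-inside-ip>` / `<server-public-ip>` values are placeholders, and a one-to-one (not per-port) static entry is assumed; the remote subnet is taken from the lantointernet ACL above.

```cisco
! Constructed example. Replace the <...> placeholders with your own values.
!
! Before: an unconditional static entry. Replies from the server to the
! remote site are translated to the public address first, so they no longer
! match the crypto ACL (vpnacl) and are not sent into the tunnel.
!
!   ip nat inside source static <server-inside-ip> <server-public-ip>
!
! Step 1: match the server traffic that SHOULD be translated, i.e. everything
! except traffic destined to the remote VPN subnet (192.168.1.0/24).
ip access-list extended STATIC-NAT-EXCEPT-VPN
 deny   ip host <server-inside-ip> 192.168.1.0 0.0.0.255
 permit ip host <server-inside-ip> any
!
! Step 2: wrap the ACL in a route-map (hypothetical name).
route-map STATIC-NAT-EXCEPT-VPN permit 10
 match ip address STATIC-NAT-EXCEPT-VPN
!
! Step 3: replace the unconditional static entry with a conditional one.
! Internet clients still reach the server on <server-public-ip>; traffic
! between the server and 192.168.1.0/24 keeps its private address and
! matches the crypto ACL.
no ip nat inside source static <server-inside-ip> <server-public-ip>
ip nat inside source static <server-inside-ip> <server-public-ip> route-map STATIC-NAT-EXCEPT-VPN
!
! Checks after the change:
!   show ip nat translations      (no entry should appear for server <-> 192.168.1.x flows)
!   show crypto ipsec sa          (encaps/decaps counters should rise while testing from the remote site)
```

The deny entries already present in lantointernet remain necessary for the rest of the 172.17.0.0/23 hosts that use the dynamic NAT rule.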