Cisco 877 NAT & VPN

[MinistryCork]

All,
i have set up a NAT rule to an address which is only accessible over a vpn. The vpn is configured and working but the NAT rule doesnt seem to be. Am i missing something?

All feedback wlecome!

 

[burtsbees]

Post a config.

Burt

 

[MinistryCork]

Hi Burt.
here is a shortened config. it should be enough to see whats going on and what i need to accomplish.
Thanks,

http://www.intercall.ie/conf.txt

 

[burtsbees]

ip nat inside source static tcp 172.16.90.202 23 86.43.109.234 23 extendable

Is this what you're talking about?

Burt

 

[MinistryCork]

That is the nat statement to allow lan traffioc out on the public ip its the other nat statement ip nat inside source static tcp 213.233.158.50 10.0.2.100 8001 extendable thats the problem. 10.0.2.100 is only reachabl.e over the VPN

 

[burtsbees]

But if you VPN in, why would you want to NAT it to a public IP? Unless you mean that without the VPN it needs a NAT, and therefore is NOT reachable once vpn'd in...IPSEC and NAT do not play well together...

Burt

 

[MinistryCork]

The VPN's are both at site A. one to site b and one to site c. 10.0.2.0/24 is accessable over the vpn to site B and 213.233.159.0/24 is accessbale over the von to site C. Site B has an application running on it whih is hardcoded with an address which points to 213.233.158.50. 10.0.2.100 also has the same service running on it as the .50 address so what we want to achieve is to NAT the traffic setined for 158.50 to 2.100 so the application will work with the hardcoded address which cannoyt be changed.

I hope this makes it a liitle clearer.

Regards,
Tony.

 

[MinistryCork]

Have IT!
ip nat outside source static 10.0.2.102 213.233.158.50

HAS DONE THE TRICK!

Thanks for the help Burt, it put me on the right track

 

[burtsbees]

Darn---you beat me to it...lol

Burt