Static NAT IPSec

lost4life

IS-IT--Management
Jul 2, 2003
33
US
I have set up IPSec between two offices. Everything works great except for servers with static addresses. The remote office has a Cisco 1721 with 3 servers that have static IPs. Those 3 servers cannot access our network through the VPN. I have tried the following:

!static IP to server
ip nat inside source static 192.168.1.10 10.10.x.x

!do not nat interesting traffic
access-list 122 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 122 deny ip host 192.168.1.10 any
access-list 122 permit ip 192.168.1.0 any
!
access-list 130 permit ip 192.168.100.0 0.0.0.255 any
route-map nonat permit 10
match ip address 130
!
ip nat inside source list 122 interface FastEthernet0 overload

Once I issued these commands, I started getting calls from the remote office that they cannot get to the internet - ooops!
 
Can you please paste the configurations (without pw etc) from both routers?
 
This link explains it all.

Use loopback and [set ip next-hop 1.1.1.2] on the route map.

interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
route-map nonat permit 10
match ip address 130
set ip next-hop 1.1.1.2


Make sure access list 130 is correct. I see x.x.100.x and x.x.1.x on access list 122.

130 should look like this:
access-list 130 permit ip host <static private ip> <remote lan> <mask>
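
An added example, not part of the thread: a small first-match evaluator for IOS extended ACL lines, run over access list 130 as posted and in the suggested form, to show which flows the `nonat` route-map would actually match. It assumes 192.168.1.10 as the static private IP and 192.168.2.0/24 as the remote LAN (both taken from the first post's config); the flows are constructed samples.

```python
import ipaddress

POSTED_130 = "access-list 130 permit ip 192.168.100.0 0.0.0.255 any"
# Suggested form with the thread's addresses filled in (assumed values).
SUGGESTED_130 = "access-list 130 permit ip host 192.168.1.10 192.168.2.0 0.0.0.255"
# Constructed sample flows: (source, destination).
FLOWS = {
    "server -> remote LAN": ("192.168.1.10", "192.168.2.50"),
    "server -> internet": ("192.168.1.10", "198.51.100.7"),
    "other host -> remote LAN": ("192.168.1.20", "192.168.2.50"),
}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tokens[:1] == ["any"]:
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[:1] == ["host"] and len(tokens) >= 2:
        return (_ip(tokens[1]), 0), tokens[2:]
    if len(tokens) >= 2:  # address followed by its wildcard mask
        return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]
    raise ValueError(f"incomplete address spec: {tokens}")

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or len(tok) < 5 or tok[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        src, rest = _spec(tok[4:])
        dst, rest = _spec(rest)
        if rest:
            raise ValueError(f"trailing tokens in: {line!r}")
        rules.append((tok[2], src, dst))
    return rules

def _hit(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (_ip(addr) & care) == (base & care)

def policy_routed(acl_text):
    """Map each sample flow to True if the ACL permits it (first match wins)."""
    rules = parse_acl(acl_text)
    def action(src, dst):
        return next((a for a, s, d in rules if _hit(src, s) and _hit(dst, d)), "deny")
    return {name: action(*flow) == "permit" for name, flow in FLOWS.items()}
```

With the posted list no sample flow is matched; with the suggested form only the server's traffic to the remote LAN is matched, so its internet traffic still uses the static translation.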
 