3188 Views 1 Reply Latest reply: Jul 29, 2011 3:23 PM by Japan Learning@Cisco RSS


Port forwarding issue

Jul 29, 2011 3:06 AM

alexey.murkaev 1 posts since
Jan 14, 2009

Hi all!

I am facing a problem with port forwarding on Cisco router 2801.

The 2801 is configured with Site-to-Site VPN and DMVPN.

 

crypto isakmp policy 50
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxx address 2.3.1.1
crypto ipsec transform-set NSET esp-3des esp-sha-hmac
crypto map vpn 1 ipsec-isakmp
 set peer 2.3.1.1
 set transform-set NSET
 match address 150

interface fa0/0
 ip address 10.10.70.1 255.255.255.0
 ip nat inside
interface fa0/1
 ip address 3.2.1.1
 ip nat outside
 crypto map vpn

! ip nat is overloaded from fa0/1

ip nat inside source static tcp 10.10.70.50 3389 interface FastEthernet0/1 3383
ip nat inside source static tcp 10.10.70.60 3389 interface FastEthernet0/1 3384
ip nat inside source static tcp 10.10.70.70 3389 interface FastEthernet0/1 3385

access-list 150 permit ip 192.168.203.0 0.0.0.255 10.10.70.0 0.0.0.255

 

We have several offices that have 881 ISR routers. Those are configured in the same manner.

I am currently behind such a device with 192.168.203.0/24 internal subnet.

 

So, VPN connections work like a charm. Everything is pingable, users connect to servers behind 2801 through VPN.

 

Some users need to access servers behind the 2801 when they are out of their offices. For this reason I need to configure port forwarding.

As I enter "ip nat inside source static tcp 10.10.70.50 3389 interface FastEthernet0/1 3383", users who sit behind 881s lose the ability to connect to 10.10.70.50's RDP. I have checked, port forwarding is working fine. 10.10.70.50 is also pingable from the 192.168.203.0/24 subnet over VPN (the same in other offices). But no one can connect to servers over VPN.

 

Please, anyone help me to solve this trouble!

Thanks in advance.
