access-list 150 permit ip 192.168.203.0 0.0.0.255 10.10.70.0 0.0.0.255
We have several offices that have 881 ISR routers. Those are configured in the same manner.
I am currently behind such a device with 192.168.203.0/24 internal subnet.
So, VPN connections work like a charm. Everything is pingable, users connect to servers behind 2801 through VPN.
Some users need to access servers behind 2801 when they out of their offices. For this reason I need to configure port forwarding.
As I enter "ip nat inside source static tcp 10.10.70.50 3389 interface FastEthernet0/1 3383" users who sit behind 881s lose an ability to connect to 10.10.70.50's RDP. I have checked, port forwarding is working fine. 10.10.70.50 is also pingable from 192.168.203.0/24 subnet over VPN (the same in other offices). But no one can connect to servers over VPN.