1 Reply Latest reply: Jul 29, 2011 3:23 PM by Japan Learning@Cisco

    Port forwarding issue

    alexey.murkaev

      Hi all!

      I am facing a problem with port forwarding on Cisco router 2801.

      2801 is configured with Site-to-Site VPN and DMVPN.

       

      crypto isakmp policy 50
       encr 3des
       hash md5
       authentication pre-share
       group 2
      crypto isakmp key xxx address 2.3.1.1
      crypto ipsec transform-set NSET esp-3des esp-sha-hmac
      crypto map vpn 1 ipsec-isakmp
       set peer 2.3.1.1
       set transform-set NSET
       match address 150

      interface fa0/0
       ip address 10.10.70.1 255.255.255.0
       ip nat inside
      interface fa0/1
       ip address 3.2.1.1
       ip nat outside
       crypto map vpn

      ! ip nat is overloaded from fa0/1

      ip nat inside source static tcp 10.10.70.50 3389 interface FastEthernet0/1 3383
      ip nat inside source static tcp 10.10.70.60 3389 interface FastEthernet0/1 3384
      ip nat inside source static tcp 10.10.70.70 3389 interface FastEthernet0/1 3385

      access-list 150 permit ip 192.168.203.0 0.0.0.255 10.10.70.0 0.0.0.255

       

      We have several offices that have 881 ISR routers. Those are configured in the same manner.

      I am currently behind such a device with 192.168.203.0/24 internal subnet.

       

      So, VPN connections work like a charm. Everything is pingable, users connect to servers behind 2801 through VPN.

       

      Some users need to access servers behind 2801 when they are out of their offices. For this reason I need to configure port forwarding.

      As I enter "ip nat inside source static tcp 10.10.70.50 3389 interface FastEthernet0/1 3383", users who sit behind 881s lose the ability to connect to 10.10.70.50's RDP. I have checked, port forwarding is working fine. 10.10.70.50 is also pingable from the 192.168.203.0/24 subnet over VPN (the same in other offices). But no one can connect to servers over VPN.

       

      Please, anyone help me to solve this trouble!

      Thanks in advance.
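
The symptom described in the post, as an added example that is not part of the original post or any reply: a small Python model of the IOS inside-to-outside order of operations, where NAT runs before the crypto map ACL check, so an RDP reply from 10.10.70.50:3389 is rewritten by the static entry and no longer matches the tunnel selector, while ping is untouched. Assumptions: the 2801's crypto ACL selects 10.10.70.0/24 to 192.168.203.0/24, the overload rule (not shown in the post) leaves VPN traffic untranslated, the client 192.168.203.10 and its ports are constructed, and `exempt_vpn` is a hypothetical switch modelling a static translation that skips tunnel-bound traffic.

```python
import ipaddress

# Constructed model of the 2801's egress path on fa0/1 (inside -> outside):
# NAT is applied first, then the crypto map ACL decides whether to encrypt.
OUTSIDE_IP = "3.2.1.1"                      # fa0/1 address from the post
STATIC_NAT = {("10.10.70.50", 3389): 3383,  # the three forwards from the post
              ("10.10.70.60", 3389): 3384,
              ("10.10.70.70", 3389): 3385}
# Assumption: the 2801's tunnel selector is 10.10.70.0/24 -> 192.168.203.0/24.
LOCAL = ipaddress.ip_network("10.10.70.0/24")
REMOTE = ipaddress.ip_network("192.168.203.0/24")

def nat_inside_to_outside(pkt, exempt_vpn=False):
    """Translate (src, sport, dst, dport) the way the static TCP entries would."""
    src, sport, dst, dport = pkt
    if (src, sport) not in STATIC_NAT:
        # Not a forwarded port. Overload NAT is not modelled here; it is
        # assumed to skip VPN traffic (consistent with ping working).
        return pkt
    if exempt_vpn and ipaddress.ip_address(dst) in REMOTE:
        return pkt  # hypothetical: static entry does not apply to tunnel traffic
    return (OUTSIDE_IP, STATIC_NAT[(src, sport)], dst, dport)

def crypto_acl_match(pkt):
    """True when the post-NAT packet still matches the tunnel selector."""
    src, _, dst, _ = pkt
    return ipaddress.ip_address(src) in LOCAL and ipaddress.ip_address(dst) in REMOTE

def egress(pkt, exempt_vpn=False):
    """Return the packet as it leaves fa0/1 and whether it is encrypted."""
    out = nat_inside_to_outside(pkt, exempt_vpn)
    return out, "encrypt" if crypto_acl_match(out) else "cleartext"

# Constructed sample packets (client 192.168.203.10 is made up).
RDP_REPLY = ("10.10.70.50", 3389, "192.168.203.10", 50000)
PING_REPLY = ("10.10.70.50", 0, "192.168.203.10", 0)   # ICMP: no port to match

if __name__ == "__main__":
    for name, pkt in [("rdp", RDP_REPLY), ("ping", PING_REPLY)]:
        for exempt in (False, True):
            print(name, "exempt_vpn=%s" % exempt, egress(pkt, exempt))
```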