Cisco 837 VPN, NAT and Port Forwarding

Discussion in 'Cisco' started by Weili, Feb 28, 2005.

  1. Weili

    Weili Guest

    Hi, I have such a home and office network: --[ Cisco 837 Router A ]--Internet--
    [ 61.X.X.204]

    [ Cisco 831 Router B] ---- [ Firewall ] ----
    [203.x.x.18 172.x.x.133] 172.x.x.134]

    Here are part of config file on router A:

    crypto map agentisvpn 10 ipsec-isakmp
    set peer 203.x.x.18
    set transform-set agentis
    match address 115

    interface Dialer1
    ip address negotiated
    ip access-group 112 in
    ip mtu 1492
    ip nat outside

    ip classless
    ip route Dialer1
    no ip http server
    no ip http secure-server
    ip nat inside source list 102 interface Dialer1 overload
    ip nat inside source static tcp 110 interface Dialer1
    ip nat inside source static tcp 25 interface Dialer1

    access-list 102 deny ip
    access-list 102 deny ip
    access-list 102 permit ip any

    access-list 115 permit ip
    access-list 115 permit ip

    The VPN tunnle is up and running between and As you can see, port 25 from external IP address is
    forwarded to host with ip address When I do a telnet 25 from network, it always times out.
    I did a "show ip nat translations" in router A, and found out the is translated to 61.x.x.204. It looks like NAt for
    port forwarding happens before checking access list 102.

    Any ideas to fix it?

    Thank you very much.
    Weili, Feb 28, 2005
    1. Advertisements

  2. Weili

    Philip D'Ath Guest

    You can't fix it. People from the remote office will need to specify
    the head office external public IP for be able to forward port 25 traffic.
    Philip D'Ath, Feb 28, 2005
    1. Advertisements

  3. Weili

    Weili Guest

    Weili, Mar 1, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.