IPSec tunnels + NAT overload + NAT static

Discussion in 'Cisco' started by alpertech, Jan 12, 2006.

  1. alpertech

    alpertech Guest

    I have a setup with 1*1711 and 3*831. There is an IPSec tunnel between
    each of the 831 (remote sites) and the 1711 (main site). NAT overload
    is used for all the routers.

    Remote sites access a Terminal Server on the main site on the standard
    port 3389. This works well.

    I want to have access also from the Internet to the Terminal Server on
    the main site, but I want to use a different port number, let's say
    port 7888 (and I don't want to use this port number for the PC that are
    in the main or remote sites). Is this possible?

    With my current configuration, as soon as I insert :
    ip nat inside source static tcp 3389 interface FastEthernet0
    ....remote sites loose their access to the Terminal Server (NAT is done
    before IPSec). is my Terminal Server's LAN address (weird subnet, but...).

    Here is a small amount of the 1711 configuration :

    version 12.3
    ip nat inside source route-map nat-route-map interface FastEthernet0
    route-map nat-route-map permit 1
    match ip address nat-acl
    ip access-list extended nat-acl
    deny ip
    deny ip
    deny ip
    permit ip any

    Help would be greatly appreciated.
    alpertech, Jan 12, 2006
    1. Advertisements

  2. alpertech

    helpdesk Guest

    Hello Al,

    are you still looking for a solution ? Send your problem to
    and get an answer within minutes. Check our

    website at www.solutionfinders.nl !
    We solve your problem, guaranteed !

    We┬┤ve got answers !
    helpdesk, Jan 20, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.