IPSec tunnels + NAT overload + NAT static

I have a setup with 1*1711 and 3*831. There is an IPSec tunnel between each of the 831 (remote sites) and the 1711 (main site). NAT overload is used for all the routers.

Remote sites access a Terminal Server on the main site on the standard port 3389. This works well.

I want to have access also from the Internet to the Terminal Server on the main site, but I want to use a different port number, let's say port 7888 (and I don't want to use this port number for the PCs that are in the main or remote sites). Is this possible?

With my current configuration, as soon as I insert:

ip nat inside source static tcp 192.1.1.1 3389 interface FastEthernet0 7888

...remote sites lose their access to the Terminal Server (NAT is done before IPSec).

192.1.1.1 is my Terminal Server's LAN address (weird subnet, but...).

Here is a small amount of the 1711 configuration:

version 12.3
ip nat inside source route-map nat-route-map interface FastEthernet0 overload
route-map nat-route-map permit 1
 match ip address nat-acl
!
ip access-list extended nat-acl
 deny ip 192.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny ip 192.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip 192.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.1.1.0 0.0.0.255 any
!

Help would be greatly appreciated. Thanks, Al

Reply to
alpertech
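The interaction described in the question, as an added example that is not part of the original post: a small Python model of the 1711's inside-to-outside NAT decision, showing why the unconditional static entry pulls the Terminal Server's replies out of the tunnel while the overload rule (guarded by nat-acl) does not. Assumptions: `OUTSIDE_IP` is a placeholder for FastEthernet0's address, the crypto ACL is taken to mirror the nat-acl deny lines, the remote client address is constructed, and `static_uses_route_map` models a static entry qualified by the same route-map (IOS accepts a `route-map` option on static NAT), which is not in the posted configuration.

```python
import ipaddress

# Constructed model; subnets, ports and ACL logic come from the post,
# OUTSIDE_IP and the crypto ACL are assumptions.
LAN = ipaddress.ip_network("192.1.1.0/24")
REMOTE_SITES = [ipaddress.ip_network(n) for n in
                ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24")]
OUTSIDE_IP = "203.0.113.10"           # placeholder for FastEthernet0
STATIC = ("192.1.1.1", 3389, 7888)    # inside host, inside port, outside port


def nat_acl_permits(src, dst):
    """nat-acl from the post: deny LAN -> remote sites, permit LAN -> any."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN:
        return False
    return not any(d in net for net in REMOTE_SITES)


def translate(src, sport, dst, static_enabled, static_uses_route_map=False):
    """Return (src, sport) after NAT for a packet leaving the LAN."""
    if static_enabled and (src, sport) == STATIC[:2]:
        # A plain static entry is unconditional: nat-acl is never consulted.
        if not static_uses_route_map or nat_acl_permits(src, dst):
            return OUTSIDE_IP, STATIC[2]
    if nat_acl_permits(src, dst):
        return OUTSIDE_IP, sport      # overload (port kept for simplicity)
    return src, sport                 # untranslated


def enters_tunnel(src, dst):
    """Assumed crypto ACL: LAN -> remote site subnets."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s in LAN and any(d in net for net in REMOTE_SITES)


def rdp_reply_reaches_remote(static_enabled, static_uses_route_map=False):
    """Terminal Server reply to a client at a remote site (constructed IP)."""
    client = "192.168.1.50"
    src, _ = translate("192.1.1.1", 3389, client, static_enabled,
                       static_uses_route_map)
    return enters_tunnel(src, client)
```
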

Hello Al,

are you still looking for a solution ? Send your problem to snipped-for-privacy@solutionfinders.nl and get an answer within minutes. Check our website at formatting link ! We solve your problem, guaranteed !

snipped-for-privacy@solutionfinders.nl We've got answers !

Reply to
helpdesk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.