Cisco Linksys RV082 VPN router Port Translation

Hi all

We have a router RV082 and we try to do port forwarding.

For example:

88.123.2.5:80 > 192.168.1.10:2334

88.123.2.5:81 > 192.168.1.10:2335

However this does not seem to be possible because I can choose only the source port and IP address of destination unlike the RVS4000.

Thank you

These products are processed by the Cisco Small Business support community. Please refer to the URL: https://supportforums.cisco.com/community/netpro/small-business

Tags: Linksys Routers

Similar Questions

  • Linksys RV082, problems of https RV016 router

    Problemas con Cisco Linksys RV082 y RV016, fr pages that manejan https example www.logmein.com al iniciar sesion me dead nuevo has the pagina inicio sesion begins, al encuentro real are una identidad suplantacion posible, por fucnion than tiene el balancear RV carga as cambia UN modem a modem as free mas este otro , esto're uno los problemas con los me sown y aun no he could did en UN buen tiempo, alguien como dress conocera este problemon.

    Gracias of photos.

    Problems with Linksys RV082 and Cisco RV016 in pages that https handshake, for example, when you connect www.logmein.com returns me back to the home page of connection, I find that when investigating a possible identity theft, the RV fucnion is responsible as it changes from one modem to modem another which is freer, it's one of the problems that I have found the balance and I have not been resolved in a while someone will know how to solve this big problem.

    Thanks in advance.

    Enrique,

    On the RV082:

    1. -> Double-WAN management system
    2. Change of balancing load (Auto Mode) at the bottom of the page you will now see binding protocol
    3. Select HTTPS [TCP/443 ~ 443] in the menu drop-down
    4. Select the source IP address or range: (i.e. 192.168.1.100 to 150) that will bind HTTPS for any LAN device that uses an IP address in this range.
    5. Select the address IP of Destination: leave generally to 0.0.0.0 to 0.0.0.0 for all destinations
    6. Select the Interface to bind the Protocol (WAN1 or WAN2)
    7. Check the box enable and add to the list. Save settings at the bottom of page.

    On the RV016:

    1. Management-> multi-WAN system
    2. Look for the setting of the Interface to and select Edit to WAN1.
    3. Follow the steps above.

    Please let us know if this helps or if you need further assistance.

  • Need help with native VPN client for Mac to the Configuration of the VPN router RV082

    Guys,

    I am trying to set up router RV082 VPN Client with native Mac for my remote access. However, no matter what I did, I'm not able to make works. Can any give me an example of how to set my router RV082 and Mac Book Pro (Mountain Lion)?

    Thank you

    Hi Jixian, the native client MAC does not work. The IPSEC VPN client is the same as the 5.x Cisco VPN client is not supported on this device.

    Your alternatives are to use PPTP or a 3rd party IPsec client such as ipsecuritas.

    -Tom
    Please evaluate the useful messages

  • RV082 VPN Cisco ASA

    I have seen discussions on people who make reliable VPN connections to a RV082 at a remote site to a Cisco ASA 5500 security series device in a Home Office.  Can we get a FAQ/document displays the settings on both sides so that it works?  Even if mark you it as "This is a configuration not supported, use at your own discretion", it would be better than nothing.  Each Cisco, Linksys device or otherwise, must be able to communicate with other devices, especially on a standard IPSec protocols.

    Please see attached tech note on the definition of the tunnel VPN RVxx Linksys with Cisco
  • Cisco Linksys E1000 Wireless-N Router

    If anyone knows please tell me about "Cisco Linksys E1000 Wireless - N Router" and how it is maximum cost?, coz one of my friends have this router and I think to buy it. so I want to know that all the failures have in this series of router. I would really appreciate it.

    Hi supun.aka,

    I can say that it is one of the stable the Linksys routers.  Once you have configured, make sure that the network is secure and the router's firmware is up to date.

  • Cisco IOS - access remote VPN - route unwanted problem

    Hello

    I recently ran into a problematic scenario: I am trying to connect to a remote LAN (using a Cisco VPN client on my windows xp machine) my office LAN and access a server there. The problem is that I need a remote local network access at the same time.

    Remote LAN: 172.16.0.0/16

    LAN office: 172.16.45.0/24

    Topology:

    (ME: 172.16.10.138/25) - (several subnets form 172.16.0.0/16) - (Internet cloud) - (VPN-Gateway) - (172.16.45.0/24) - (TARGET: 172.16.45.100)

    To provide access, I configured a VPN to access simple distance on a 1700 series router. It's the relevant part:

    (...)

    crypto ISAKMP client config group group-remote access

    my-key group

    VPN-address-pool

    ACL 100

    IP local pool pool of addresses-vpn - 172.16.55.1 172.16.55.30

    access-list 100 permit ip 172.16.45.100 host 172.16.55.0 0.0.0.31

    (...)

    The configuration works fine, I can access the 172.16.45.100 server every time I need to. However, the problem is that when the VPN connection is connected, Windows wants to somehow rout the packets intended for 172.16.0.0/16 through the VPN tunnel. This is apparently due to a static route that added by the Cisco VPN Client and all other specific VPN routes.

    I suspect that the culprit is the IP LOCAL POOL, since when the VPN is connected, debugging of Client VPN log shows something like "adapter connected, address 172.16.55.1/16. Focus on the part "/ 16". I checked the VPN status page and the only road indicated there was "172.16.45.100 255.255.255.255" under remote routes. Local routes was empty.

    Is this a known problem I missed the obvious solution for? Is there no workaround apart from the pool local vpn penetrating high-end 10.x.x.x or 192.168.x.x? Thank you in advance for advice or tips!

    Hello

    The best way is to avoid any overlap between the local network and VPN pool.

    Try 172.17.0.0/16, is also private IP address space:

    http://en.Wikipedia.org/wiki/Private_network

    Please rate if this helped.

    Kind regards

    Daniel

  • Cisco linksys router and cannot access the wireless network

    We have cisco linksys wireless router.  When we installed everything first, we could connect our wireless laptops to the network.  Now, however, the network is detected, but there is no access to the internet.  We have even a guy from ATT were out and he said that the wireless router has been installed backwards?  He installed a dsl fast access on our laptop icon, and now we can access the wireless network but only if we connect as the first.  We can also connect iPod to the wireless network.  They detect the network, but when we enter the password cannot connect.

    Hi JC_3094,

    Welcome to the Microsoft Community and thanks for posting the question.

    According to the description, it looks like you aren't able to access the Internet.

    The likely causes of this problem is if the router is not configured properly.

    Here are some steps that should help you to solve this problem.

    Method 1:

    Check if the router is configured properly to get access to the Internet.

    Method 2:

    Try the steps mentioned in this link and check:

    This tutorial is designed to help you identify and solve problems with a wired (Ethernet) and wireless (Wi - Fi) network connections in Windows.

    Wireless and wired network problems
     
    Method 3:
     
    If there is a frequent disconnection try to update the firmware on the router and check.
     
    In addition, visit these links for more information:
     
    Why can't I connect to the Internet?
     
    Hope this information helps. Respond us if you have any questions with windows and we will be happy to help.
  • HOWTO configure SSL VPN router Cisco 1941?

    Hello.

    How to configure SSL VPN on a router Cisco 1941? I would like a howto guide that is step by step. I've found myself so far.

    Best regards Tommy Svensson

    Here are a few links that might help:

    http://www.Cisco.com/en/us/products/ps6657/prod_configuration_examples_list.html

    http://security-blog.netcraftsmen.NET/2009/02/Cisco-IOS-SSL-VPN-example.html

  • Cisco Linksys E4200 v2 fails to process UPNP requests

    Bought a new router E4200 v2 version last month and replaced my dlink dir-655 and I started to see the alerts on my server at home that it is impossible to configure the router.

    Already checked on the router that UPNP is enabled. already tried disabling the firewall, ipv4 and ipv6 and turning too wide "filter applications anonymous Internet", but does not

    then in WHS 2011 troubleshooting guildline, I ran a router online test tool: http://www.microsoft.com/windows/using/tools/igd/results.mspx

    and all tests passed except "Testing UPNP" and the poster details a mistake:

    'Test 5 - UPnP Support Test not supported

    Result:

    The operating system is Windows Vista
    The firewall is turned on

    Exceptions are provided by the firewall

    UPnP is enabled by the firewall

    UPnP services are running

    Discovery of UPnP is enabled

    Detect Internet gateway on the network devices

    2 RMI (s) found

    The IGD device information:

    Name manufacturer: Cisco

    Model name: RMI

    Model number: v1.0

    get_StaticPortMappingCollection() returns NULL IStaticPortMappingCollection

    get_StaticPortMappingCollection() returns NULL IStaticPortMappingCollection

    get_StaticPortMappingCollection() returns NULL IStaticPortMappingCollection

    Could not get the IGD port mapping ".

    Now, it seems that my router is bad or cisco/linksys does not support this API and is not compatible.

    is there a way to fix this?

    * Firewall can block almost all of the ports used by P2P clients. Check if the BitTorrent ports are made available to customers requesting. Disable the firewall of the router and enable uPnP features allow the BitTorrent ports to pass through.

    * As E4200 is a new Cisco router usually have a good level of security, and unless you have a good configuration configured on the router it can block the software work that uses UPNP.

    * If the ISP updates for IPV6 nodes still functionality for IPV4 will exist as the Lauch of IPV6 also depends on the hardware compatibility

    So, once reset the router for Hard Reset 30/30/30

    The following procedure will clear the NVRAM and set the router back to the default values:

    With the power on, press and hold the reset button the back of the unit for 30 seconds
    Without releasing the reset button, unplug the unit and hold reset for another 30 seconds
    Plug in the appliance ALWAYS keeping the reset button a final 30 seconds...

    Then reconfigure the router once more and then check the concern...

  • Cisco RV220W IPSec VPN problem Local configuration for any config mode

    Dear all,

    I need help, I am currently evaluating RV220W for VPN usage but I'm stuck with the config somehow, it seems that there is a problem with the Mode-Config?

    What needs to be changed or where is my fault?

    I have installed IPSec according to the RV220W Administrator's Guide. Client's Mac with Mac Cisco IPSec VPN, I also tried NCP Secure Client.

    I have 3 other sites where the config on my Mac works fine, but the Cisco VPN router is not.

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: remote for found identifier "remote.com" configuration

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: application received for the negotiation of the new phase 1: x.x.x.x [500]<=>2.206.0.67 [53056]

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: early aggressive mode.

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: RFC 3947

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: CISCO - UNITY

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: DPD

    2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: for 2.206.0.67 [53056], version selected NAT - T: RFC 39472013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: floating ports NAT - t with peer 2.206.0.67 [52149]

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: NAT - D payload is x.x.x.x [4500]

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: NAT - D payload does not match for 2.206.0.67 [52149]

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: NAT detected: Peer is behind a NAT device

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: request sending Xauth for 2.206.0.67 [52149]

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: ISAKMP Security Association established for x.x.x.x [4500] - 2.206.0.67 [52149] with spi: 1369a43b6dda8a7d:fd874108e09e207e

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: type of the attribute "ISAKMP_CFG_REPLY" from 2.206.0.67 [52149]

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: connection for the user "Testuser".

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: type of the attribute "ISAKMP_CFG_REQUEST" from 2.206.0.67 [52149]

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] WARNING: ignored attribute 5

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] WARNING: attribute ignored 28678

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

    2013-03-07 01:55:50: [CiscoFirewall] [IKE] WARNING: attribute ignored 28683

    2013-03-07 01:56:07: [CiscoFirewall] [IKE] INFO: purged-with proto_id = ISAKMP and spi = 1369a43b6dda8a7d:fd874108e09e207e ISAKMP Security Association.

    2013-03-07 01:56:08: [CiscoFirewall] [IKE] INFO: ISAKMP Security Association deleted for x.x.x.x [4500] - 2.206.0.67 [52149] with spi: 1369a43b6dda8a7d:fd874108e09e207e

    Hi Mike, the built-in client for MAC does not work with the RV220W. The reason is, the MAC IPSec client is the same as the Cisco VPN 5.x client.

    The reason that this is important is that the 5.x client work that on certain small business products include the SRP500 and SA500 series.

    I would recommend that you search by using a client VPN as Greenbow or IPSecuritas.

    -Tom
    Please mark replied messages useful

  • RV082 VPN gateway to gateway does not solve remote gateway DynDns

    I have two RV082 is connected. Each has a dynamic IP address (generally changes every few weeks). I have configured tunnels on both ends with a local and remote "Remote/Local Security Gateway Type" of "+ IP dynamic authentication with domain name".

    If I look at the State of the VPN tunnel summary, it shows the IP "mondomaine.dyndns.org 0.0.0.0" under the column heading "Remote Gateway". The button "Connect" Tunnel test is n/a.

    I can solve each mondomaine.dyndns.org on both sides of each VPN entry using the Diagnostic DNS search within each router. If I wired a fixed IP address for the Local and the remote gateway, everything works fine. VPN is good.

    I can't seem to get the "mondomaine.dyndns.org" function works. It seems that the router is unable to solve the dynamic IP address of the domain names on each of the routers.

    I am confused, but this is my first time using a Cisco VPN router. Thanks in advance for some ideas.

    Hello MtnSledder,

    You can use only address dynamic IP + domain name (FQDN) of one side of the tunnel. On the other device try to select IP and then the possibility of using the IP by DNS resolved.  You will find this under the remote gateway once you select IP only.

    Give that a try and it must raise the tunnel.

    Christopher Ebert

    Network support - Cisco Small Business Support Center Engineer

  • Cisco AnyConnect SSL VPN

    Hi guys,.

    I am currently ut setting for the first time on a Cisco ASA 5505 Cisco AnyConnect SSL VPN.

    I enclose my topology.

    I ran the wizard of the ASDM on the ASA2 I want to use for my VPN connections.

    Everything works fine except that I can't access any internal computer servers on my network.

    I do a specific configuration because my servers have a different default gateway of the ASA that I use for my VPN?

    I have since the ASA2 the 192.168.10.0 network.

    my remote ip address of the pool is 10.0.0.1-10.0.0.10/24

    config (I've included what, in my view, is necessary, please let me know if you need to see more):

    ASA 2.0000 Version 8

    Sysopt connection permit VPN

    tunnel of splitting allowed access list standard 192.168.10.0 255.255.255.0

    network of the NETWORK_OBJ_10.0.0.0 object

    10.0.0.0 subnet 255.255.255.0

    NAT (inside, outside) static source any any static destination NETWORK_OBJ_10.0.0.0 NETWORK_OBJ_10.0.0.0 non-proxy-arp-search to itinerary

    internal GroupPolicy_vpn group strategy

    attributes of Group Policy GroupPolicy_vpn

    value of 192.168.10.20 WINS server

    value of server DNS 192.168.10.15

    client ssl-VPN-tunnel-Protocol ikev2

    Split-tunnel-policy tunnelspecified

    Split-tunnel-network-list value split tunnel

    domain.local value by default-field

    WebVPN

    User PROFILE of value type profiles AnyConnect

    type tunnel-group tunnel_vpn remote access

    tunnel-group tunnel_vpn General-attributes

    address ra_vpn_pool pool

    Group Policy - by default-GroupPolicy_vpn

    tunnel-group tunnel_vpn webvpn-attributes

    activation of the Group tunnel_vpn alias

    !

    Thanks in advance!

    Hello

    The unit behind your ASAs on the internal LAN should really be a router switch or L3 and not a basic L2 switch.

    You now have an asymmetric routing on your network, and this is the reason why the connection of the VPN device will not work.

    The problem comes from the fact that internal devices use the ASA1 for the default gateway. When trying to connect to the VPN Client, the following happens

    • Client VPN armed sends TCP SYN that happens by the VPN with the ASA2
    • ASA2 passes the TCP SYN to the server
    • Server responds with TCP SYN ACK for the VPN Client and sends this information to the ASA1 as the destination host is in another network (vpn pool)
    • ASA1 sees the TCP SYN ACK, but never saw the TCP SYN so he abandoned the connection.

    To work around the problem, you need to essentially configure TCP State Bypass on the ASA1 although I wouldn't really say that, but rather to change the configuration of the network so that traffic makes this way to start.

    An option, even if not the best, would be to set the LAN of the ASA2 to ASA1 on some physical ports and set up a new network connection between them (not the same 192.168.10.x/yy). In this way the ASA1 would see the entire conversation between servers and VPN Clients and there are no problems with the flow of traffic.

    But as I said it probably still isn't the best solution, but in my opinion better than having recourse to special configurations ASA1.

    There could be a 'special' configuration on the ASA2 that you could use to make the Client VPN connections operate in their current configuration, without changing anything in the physical topology.

    You can change the NAT for VPN Clients configuration so that the VPN ALL users would actually PATed to 192.168.10.4 IP address when they connect to your internal network. Given that the server would see the connection coming from the same network segment, they would know to forward traffic back with the ASA2 rather than ASA1 like her today.

    If this is not an ideal solution.

    No source (indoor, outdoor) nat static any any static destination NETWORK_OBJ_10.0.0.0 NETWORK_OBJ_10.0.0.0 non-proxy-arp-search to itinerary

    the object of the LAN network

    192.168.10.0 subnet 255.255.255.0

    NAT (exterior, Interior) 1 dynamic source NETWORK_OBJ_10.0.0.0 destination static LAN LAN interface

    Hope this helps

    -Jouni

  • interface of the vpn router

    Hello

    I ususally use cisco asa for vpn site-to-site connection.  Outside intereface Eth0/0 I ususally use for internet public IP static and eth0/1 connect the internal network.

    For the router.  I've seen a lot of example on the web.  He uses usually FE0/1 for public internet IP static for once a connection point of site to site VPN and FE0/0 for internal network.  Could you tell me why?  My concept is out of interface FE0/0 should be used for the public IP address because less security level.  Please help explain.  Thank you

    Hello

    The interface ID has nothing to do with security of interfaces on its own. On a SAA 'security level' is used to define which is the less safe interface (the one facing Internet), not the port ID.

    You are free to use any physical interface on a router Cisco or ASA for any reason you wish to.

    Most people tend to use the port with the ID 0/0 for the "outside" and the other for local network connections.

    There is nothing prevents you to use something different.

    -Jouni

  • Cisco/Linksys lacks a PCI Express Wireless N card for desktop computers

    I bought a new gateway last year and noticed that there is no PCI slot for an internal wireless card.

    I've been running on an adapter of game without external G wire hooked to my ethernet port.

    I want to update my system for Wireless-N dual band, but to eliminate the clutter of my office.

    Anyone have any idea when CISCO/Linksys will have to use a card PCI E N dual-band available?

    (I'm willing to beta-test)

    Bill Calderwood

    Quality Director

    Kadient

    You could use a PCIe to PCI card and then use any PCI device you want (as long as he did)

    http://www.Amazon.com/STARTech-PCI-Express-adapter-card/DP/B0024CV3SA

  • ASA - create a backup via VPN route

    I have a normal life (non - VPN) connection point to point between 2 x ASAs and I would like to create a link of relief using a VPN on our corporate network cloud. I tried to do, following configs example Cisco but the VPN is not upward when the route taken breaks down.

    NB. This isn't a default route, just a road to one 27.

    Here's the configs of sla/track (I'm confident with the VPN configuration, why have not included here):

    FW1

    Route between sites 192.168.61.0 255.255.255.224 10.20.30.3 1 track 1
    Route corp-outside 0.0.0.0 0.0.0.0 10.92.215.225 1
    Route 192.168.61.0 255.255.255.224 corp-outdoor 10.92.215.225 100

    monitor SLA 100
    site type echo protocol ipIcmpEcho 10.20.30.3 inter interface
    NUM-package of 3
    frequency 10

    monitor als 100 calendar life never start-time now

    track 1 rtr 100 accessibility

    FW2

    Route between sites 192.168.60.0 255.255.255.224 10.20.30.1 1 track 1
    Route corp-outside 0.0.0.0 0.0.0.0 10.72.215.225 1
    Route 192.168.60.0 255.255.255.224 corp-outdoor 10.72.215.225 100

    monitor SLA 100
    site type echo protocol ipIcmpEcho 10.20.30.1 inter interface
    NUM-package of 3
    frequency 10

    monitor als 100 calendar life never start-time now

    track 1 rtr 100 accessibility

    When I stop one side track interface, the route taken is removed from the routing table and replaced by the backup through the interface corp-outdoor path.

    However, the VPN is not running and I see a lot of:

    Could not locate the next hop for prod-inside:192.168.61.8/51583 to inter-site:192.168.60.5/11322 routing TCP

    .. .errors in the newspapers. You can see that packets are still trying to be sent to the interface between the sites , which is no longer in the routing table.

    Any help appreciated

    Hello Handsy,

    Simply by curiosity, asuming that you are pointing to the internet to a public IP address, traffic from when creating the exemption nat for the site to the site you use the command "route search"?

    Example for nat exemption:

    NAT (inside, outside) static source local-Lan Lan Local static destination remote control Remote-Lan Lan non-proxy-arp-search to itinerary.

    The route search command should make the package to look first in the routing table before performing the nat and therefore to follow the correct path.

    If you can run a command Packet-trace to check the path followed by the traffic while testing the option from site to site.

    for icmp:

    Packet-trace entry icmp 8 0 detailed

    for tcp (based on your timeline):

    Packet-trace entry tcp 192.168.61.8 51583 192.168.60.5 11322 detailed

    Kind regards

    Miguel

Maybe you are looking for