Port forwarding from Cisco 2600 to ASA-5510

Hi!

I have remote clients at sites with very restrictive firewalls which allow only tcp/80 and tcp/443 outbound. I need to enable their remote access IPsec VPN clients, and the only way I can think of to do this is to 'deploy' an IP address and have their VPN clients point to it on tcp/443, instead of the normal port. Then I'd like the router, which has a *very* basic configuration, to redirect traffic destined for that address on tcp/443 to the ASA on tcp/10000, for example. Is that possible, and if so, how?? A nice, clear example would be **greatly** appreciated! TIA!!!

-r


You may wish to investigate Cisco's IPSec Documentation:

Found on Cisco's VPN Documentation:

Sincerely,

Brad Reese BradReese.Com - Refurbished Cisco PIX Firewall Guide

Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Technical Forums

Brad,

Thanks, but I'm not having any trouble with a VPN client. I would like to find a way to re-direct traffic for one socket to another as it passes through a router. Even reconfiguring the VPN service to listen on a different port does not help, since management functions are supplied on at least one of them. The VPN situation is just a concrete example of why I want to do this. Does that help to clarify?

-r


Hi,

I have an old config for TFTP that I dug out. Whilst this was on an 837, I am sure that you could modify it for your own purpose. The important lines were:

ip nat inside source list 110 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 69 interface Dialer0 69

access-list 110 remark Nat list
access-list 110 permit ip 192.168.1.0 0.0.0.255 any

So...I allowed anything from inside to outside to be natted. The 2nd statement mapped 192.168.1.2 on my LAN range to the Dialer 0 public IP for TFTP.

The syntax for this command with details on how to specify the port no's is here:

HTH.

Regards

Darren
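
Applied to the original question, the same static port-translation command can map tcp/443 on an outside address to tcp/10000 on the ASA. This is an added example, not part of any post in the thread; the addresses (RFC 5737 documentation ranges), the interface names and the topology (router directly in front of the ASA) are assumptions.

```cisco
! Added example. All addresses and interface names below are constructed.
! Assumed: the ASA outside address is 192.0.2.10 and it listens on tcp/10000.
! Assumed: 203.0.113.5 is a spare public address that reaches this router
!          (on the outside subnet or routed to the router by the provider).
!
interface FastEthernet0/0
 description Outside, toward the Internet
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 description Inside, toward the ASA
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
!
! Static port translation for one socket only:
!   outside 203.0.113.5 tcp/443  <->  inside 192.0.2.10 tcp/10000
! No other port on 203.0.113.5 is forwarded by this statement.
ip nat inside source static tcp 192.0.2.10 10000 203.0.113.5 443
!
! Variant when no spare address is available: reuse the outside interface
! address, as in the TFTP example above. Every connection to the router's
! outside address on tcp/443 is then sent to the ASA.
! ip nat inside source static tcp 192.0.2.10 10000 interface FastEthernet0/0 443
!
! Check the static entry from exec mode with:
!   show ip nat translations
```

Only the destination address and port are translated, so the ASA sees each client's real source address and must route its replies back through this router.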
