Port Forwarding / VPN Pass-Thru on a Cisco 2800

I have a Cisco 2800 that is being used as a firewall. When I am behind it and NATing to the Internet, I am unable to VPN out to any VPN servers because IPsec does not go across a NAT without port forwarding. I am trying to find out how to turn on port forwarding so that I can VPN to remote locations. Any help would be much appreciated. Thanks.


Do you use an IPSec VPN that wraps traffic in UDP packets? If so, the UDP packets will be NATed like all other UDP traffic and you'll be able to connect through this router to another VPN server. This is the default option if you use Cisco EasyVPN and/or Cisco VPN clients. It works in my case and I also use a 2800 ISR. The only additional thing to do is to open UDP ports 500 and 4500 (src and dst ports) in both directions (inbound and outbound), as well as ESP and AH traffic. Of course, the VPN server on the other end must also be accessible from the Internet on these UDP ports.

Best Regards, Igor

Igor Mamuzic
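
The ports and protocols named in the reply above, written as IOS extended ACL entries. This is an added example, not configuration from the thread: the ACL names, the interface names and the peer address 203.0.113.10 are assumptions, and the entries are meant to be merged into the ACLs already applied on the router, since an ACL holding only these lines would drop everything else at its implicit deny.

```cisco
! Assumed layout: FastEthernet0/1 = inside (ip nat inside),
!                 FastEthernet0/0 = outside (ip nat outside).
! 203.0.113.10 is a constructed placeholder for the remote VPN server.
! Scoping the entries to the peer keeps the opening narrower than "any any".

ip access-list extended INSIDE-IN
 remark IKE (UDP 500) and NAT-T (UDP 4500) from inside clients to the peer
 permit udp any host 203.0.113.10 eq isakmp
 permit udp any host 203.0.113.10 eq non500-isakmp
 remark Native ESP/AH, only relevant when NAT-T is not in use
 permit esp any host 203.0.113.10
 permit ahp any host 203.0.113.10
 remark ... existing permit entries for other outbound traffic ...
!
ip access-list extended OUTSIDE-IN
 remark Return traffic from the peer; PAT may rewrite the client-side port,
 remark so match on the peer's source port rather than the destination port
 permit udp host 203.0.113.10 eq isakmp any
 permit udp host 203.0.113.10 eq non500-isakmp any
 permit esp host 203.0.113.10 any
 permit ahp host 203.0.113.10 any
 remark ... existing entries for other inbound traffic ...
!
interface FastEthernet0/1
 ip access-group INSIDE-IN in
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! Verification while a client connects:
!   show access-lists OUTSIDE-IN     (hit counters on the isakmp lines)
!   show ip nat translations         (UDP 500/4500 entries toward the peer)
```

When NAT traversal is negotiated, ESP is carried inside UDP 4500, so hits should appear on the `non500-isakmp` entries rather than on the `esp` ones. AH authenticates the outer IP header and does not survive address translation, so the `ahp` entries only help sessions that are not being NATed.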
