Port forwarding from cisco 2600 to ASA-5510

Discussion in 'Cisco' started by recvfrom, Jul 20, 2006.

  1. recvfrom

    recvfrom Guest

    Hi!

    I have remote clients at sites with very restrictive firewalls which
    allow only tcp/80 and tcp/443 outbound. I need to enable their
    remote access IPsec VPN clients, and the only way I can think
    of to do this is to 'deploy' an IP address, have their VPN clients
    point to it on tcp/443, instead of the normal port. Then I'd like the
    router, which has a *very* basic configuration, re-direct traffic
    destined for that address on tcp/443 to the ASA on tcp/10000,
    for example. Is that possible, and if so, how?? A nice, clear
    example would be **greatly** appreciated! TIA!!!

    -r
    recvfrom, Jul 20, 2006
    #1

  2. You may wish to investigate Cisco's IPSec Documentation:

    http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_support_protocol_home.html

    Found on Cisco's VPN Documentation:

    http://www.cisco.com/en/US/tech/tk583/tsd_technology_support_category_home.html

    Sincerely,

    Brad Reese
    BradReese.Com - Refurbished Cisco PIX Firewall Guide
    http://www.bradreese.com/refurbished-cisco-pix-firewalls.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Technical Forums
    http://www.bradreese.com/cisco-technical-newsgroups.htm
    www.BradReese.Com, Jul 20, 2006
    #2

  3. recvfrom

    recvfrom Guest

    www.BradReese.Com wrote:

    Brad,

    > You may wish to investigate Cisco's IPSec Documentation:
    >
    > http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_support_protocol_home.html
    >
    > Found on Cisco's VPN Documentation:
    >
    > http://www.cisco.com/en/US/tech/tk583/tsd_technology_support_category_home.html


    Thanks, but I'm not having any trouble with a VPN client. I
    would like to find a way to re-direct traffic for one socket to
    another as it passes through a router. Even reconfiguring
    the VPN service to listen on a different port does not help,
    since management functions are supplied on at least one
    of them. The VPN situation is just a concrete example
    of why I want to do this. Does that help to clarify?

    -r
    recvfrom, Jul 20, 2006
    #3
  4. recvfrom

    Darren Green Guest

    "recvfrom" <> wrote in message
    news:...
    > Hi!
    >
    > I have remote clients at sites with very restrictive firewalls which
    > allow only tcp/80 and tcp/443 outbound. I need to enable their
    > remote access IPsec VPN clients, and the only way I can think
    > of to do this is to 'deploy' an IP address, have their VPN clients
    > point to it on tcp/443, instead of the normal port. Then I'd like the
    > router, which has a *very* basic configuration, re-direct traffic
    > destined for that address on tcp/443 to the ASA on tcp/10000,
    > for example. Is that possible, and if so, how?? A nice, clear
    > example would be **greatly** appreciated! TIA!!!
    >
    > -r
    >

    Hi,

    I have an old config for TFTP that I dug out. Whilst this was on an 837 I am
    sure that you could modify for your own purpose. The important lines were:

    ip nat inside source list 110 interface Dialer0 overload
    ip nat inside source static tcp 192.168.1.2 69 interface Dialer0 69

    access-list 110 remark Nat list
    access-list 110 permit ip 192.168.1.0 0.0.0.255 any

    So...I allowed anything from inside to outside to be natted. The 2nd
    statement mapped 192.168.1.2 on my LAN range to the Dialer 0 public IP for
    TFTP.

    The syntax for this command with details on how to specify the port no's is
    here:

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftnatis.htm

    HTH.

    Regards

    Darren
    Darren Green, Jul 21, 2006
    #4
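
Added example, not part of any post in this thread: the static NAT entry from the reply above adapted to the original question, so that tcp/443 on a dedicated public address is translated to the ASA on tcp/10000. The addresses (documentation ranges), the interface names and the ACL name OUTSIDE-IN are assumptions, and the ASA is assumed to already accept the VPN client on tcp/10000.

```cisco
! Constructed values (assumptions, replace with your own):
!   203.0.113.10     public address the VPN clients point to on tcp/443
!   10.10.10.2       ASA interface facing the router, listening on tcp/10000
!   198.51.100.0/24  source range of the remote client sites, if known
!
! The static mapping exposes the ASA listener to anyone who can reach
! 203.0.113.10:443, so this ACL limits the forwarded port to known sources.
! It filters only that port and leaves all other traffic as before.
! An inbound ACL on the outside interface is evaluated before NAT,
! so it matches the public address and port, not the ASA's.
ip access-list extended OUTSIDE-IN
 permit tcp 198.51.100.0 0.0.0.255 host 203.0.113.10 eq 443
 deny   tcp any host 203.0.113.10 eq 443 log
 permit ip any any
!
interface FastEthernet0/0
 description Outside, toward the Internet
 ip nat outside
 ip access-group OUTSIDE-IN in
!
interface FastEthernet0/1
 description Inside, toward the ASA
 ip nat inside
!
! Static port translation:
!   outside 203.0.113.10:443  <->  inside 10.10.10.2:10000
! Same command form as the TFTP entry in the reply above, but with an
! explicit global address and different local and global ports.
ip nat inside source static tcp 10.10.10.2 10000 203.0.113.10 443 extendable
!
! Check from exec mode after a client connects:
!   show ip nat translations
!   show access-lists OUTSIDE-IN
```

If the client source ranges are not known, drop the first two ACL entries and rely on the ASA's own authentication, keeping in mind that the listener is then reachable from any address.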