Port forwarding from cisco 2600 to ASA-5510

Discussion in 'Cisco' started by recvfrom, Jul 20, 2006.

  1. recvfrom

    recvfrom Guest

    Hi!

    I have remote clients at sites with very restrictive firewalls which
    allow only tcp/80 and tcp/443 outbound. I need to enable their
    remote access IPsec VPN clients, and the only way I can think
    of to do this is to 'deploy' an IP address, have their VPN clients
    point to it on tcp/443, instead of the normal port. Then I'd like the
    router, which has a *very* basic configuration, re-direct traffic
    destined for that address on tcp/443 to the ASA on tcp/10000,
    for example. Is that possible, and if so, how?? A nice, clear
    example would be **greatly** appreciated! TIA!!!

    -r
     
    recvfrom, Jul 20, 2006
    #1

  2. You may wish to investigate Cisco's IPSec Documentation:

    http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_support_protocol_home.html

    Found on Cisco's VPN Documentation:

    http://www.cisco.com/en/US/tech/tk583/tsd_technology_support_category_home.html

    Sincerely,

    Brad Reese
    BradReese.Com - Refurbished Cisco PIX Firewall Guide
    http://www.bradreese.com/refurbished-cisco-pix-firewalls.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Technical Forums
    http://www.bradreese.com/cisco-technical-newsgroups.htm
     
    www.BradReese.Com, Jul 20, 2006
    #2

  3. recvfrom

    recvfrom Guest

    www.BradReese.Com wrote:

    Brad,
    Thanks, but I'm not having any trouble with a VPN client. I
    would like to find a way to re-direct traffic for one socket to
    another as it passes through a router. Even reconfiguring
    the VPN service to listen on a different port does not help,
    since management functions are supplied on at least one
    of them. The VPN situation is just a concrete example
    of why I want to do this. Does that help to clarify?

    -r
     
    recvfrom, Jul 20, 2006
    #3
  4. Darren Green

    Darren Green Guest

    Hi,

    I have an old config for TFTP that I dug out. Whilst this was on an 837 I am
    sure that you could modify for your own purpose. The important lines were:

    ip nat inside source list 110 interface Dialer0 overload
    ip nat inside source static tcp 192.168.1.2 69 interface Dialer0 69

    access-list 110 remark Nat list
    access-list 110 permit ip 192.168.1.0 0.0.0.255 any

    So...I allowed anything from inside to outside to be natted. The 2nd
    statement mapped 192.168.1.2 on my LAN range to the Dialer 0 public IP for
    TFTP.

    The syntax for this command with details on how to specify the port numbers is
    here:

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftnatis.htm

    HTH.

    Regards

    Darren
     
    Darren Green, Jul 21, 2006
    #4
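    A worked router-side configuration for the socket redirection recvfrom asked about, built on the same static NAT command Darren showed. This is an added illustration, not code from the thread or from any Cisco document; all addresses, the interface names, and the use of a spare public address 203.0.113.11 as the 'deployed' IP are assumptions, as is 192.168.1.2 for the ASA's outside interface.

```cisco
! Added example (not from the thread). Assumed addressing:
!   203.0.113.10/29  router outside (ISP-facing) address
!   203.0.113.11     spare public address to "deploy" for the VPN clients
!   192.168.1.1/24   router inside address
!   192.168.1.2      ASA outside interface, listening for IPsec over TCP on tcp/10000
! Interface names assume a 2600 with FastEthernet ports; adjust to the model in use.
!
interface FastEthernet0/0
 description ISP-facing
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 description segment where the ASA outside interface sits
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! The redirection itself: packets arriving for 203.0.113.11 tcp/443 are
! translated to 192.168.1.2 tcp/10000 before routing, and replies are
! translated back. Because the global address lies on the outside subnet,
! IOS answers ARP for it, so nothing else is needed to "own" the address.
ip nat inside source static tcp 192.168.1.2 10000 203.0.113.11 443
!
! Variant using the router's own outside address instead of a spare one
! (the same form Darren used for TFTP):
!   ip nat inside source static tcp 192.168.1.2 10000 interface FastEthernet0/0 443
!
! Optional hardening: only the mapped socket is reachable from outside.
! Inbound ACLs on the outside interface are checked before translation,
! so they must reference the public (pre-NAT) address. The implicit deny
! also drops return traffic for any existing outbound sessions, so add
! permits for those before applying this on a router that already carries
! normal Internet traffic.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.11 eq 443
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! Verification:
!   show ip nat translations   -> static entry 203.0.113.11:443 <-> 192.168.1.2:10000
!   show ip nat statistics     -> hit counters increase as clients connect
```

    The ASA must actually accept IPsec over TCP on port 10000 for this to be useful; on ASA 7.x that is the `crypto isakmp ipsec-over-tcp port 10000` command (assumed here, check the release in use), and the remote VPN clients are then configured for IPsec over TCP on port 443 against 203.0.113.11. Note that this mapping only rewrites the address and port; the restrictive remote firewalls see ordinary tcp/443, and nothing on the router inspects the payload.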