Port forwarding from cisco 2600 to ASA-5510

Discussion in 'Cisco' started by recvfrom, Jul 20, 2006.

  1. recvfrom

    recvfrom Guest


    I have remote clients at sites with very restrictive firewalls which
    allow only tcp/80 and tcp/443 outbound. I need to enable their
    remote access IPsec VPN clients, and the only way I can think
    of to do this is to 'deploy' an IP address, have their VPN clients
    point to it on tcp/443, instead of the normal port. Then I'd like the
    router, which has a *very* basic configuration, to re-direct traffic
    destined for that address on tcp/443 to the ASA on tcp/10000,
    for example. Is that possible, and if so, how?? A nice, clear
    example would be **greatly** appreciated! TIA!!!

    recvfrom, Jul 20, 2006

  2. You may wish to investigate Cisco's IPSec Documentation:


    Found on Cisco's VPN Documentation:



    Brad Reese
    BradReese.Com - Refurbished Cisco PIX Firewall Guide
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Technical Forums
    www.BradReese.Com, Jul 20, 2006

  3. recvfrom

    recvfrom Guest

    www.BradReese.Com wrote:

    Thanks, but I'm not having any trouble with a VPN client. I
    would like to find a way to re-direct traffic for one socket to
    another as it passes through a router. Even reconfiguring
    the VPN service to listen on a different port does not help,
    since management functions are supplied on at least one
    of them. The VPN situation is just a concrete example
    of why I want to do this. Does that help to clarify?

    recvfrom, Jul 20, 2006
  4. Darren Green

    Darren Green Guest


    I have an old config for TFTP that I dug out. Whilst this was on an 837 I am
    sure that you could modify for your own purpose. The important lines were:

    ip nat inside source list 110 interface Dialer0 overload
    ip nat inside source static tcp 69 interface Dialer0 69

    access-list 110 remark Nat list
    access-list 110 permit ip any

    So...I allowed anything from inside to outside to be natted. The 2nd
    statement mapped on my LAN range to the Dialer 0 public IP for

    The syntax for this command with details on how to specify the port no's is




    Darren Green, Jul 21, 2006
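
The redirect asked about in the first post, written as a static NAT entry with port translation on the IOS router. This is an added example, not configuration posted by anyone in the thread. The interface names and all addresses are assumptions (RFC 5737 documentation ranges), and it assumes the ASA already accepts IPsec over TCP on tcp/10000.

```cisco
! Constructed example. Assumed values, not taken from the thread:
!   198.51.100.10  public address the remote VPN clients point at (tcp/443)
!   192.0.2.2      ASA outside interface, reached through the router's inside
!   FastEthernet0/0 faces the Internet, FastEthernet0/1 faces the ASA
!
interface FastEthernet0/0
 description Internet-facing
 ip address 198.51.100.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 description Link to ASA-5510 outside interface
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
!
! Static port translation: a connection arriving for 198.51.100.10:443
! is rewritten to 192.0.2.2:10000 and handed to the ASA. Return traffic
! from 192.0.2.2:10000 is rewritten back to 198.51.100.10:443.
! Form: ip nat inside source static tcp <local-ip> <local-port> <global-ip> <global-port>
ip nat inside source static tcp 192.0.2.2 10000 198.51.100.10 443
!
! Only this one address/port pair is redirected. Any other service on the
! ASA stays unreachable through this entry, and other traffic through the
! router is untouched.
!
! If an inbound ACL is applied on FastEthernet0/0, IOS evaluates it before
! the NAT rewrite, so it has to permit the pre-translation values:
!   permit tcp any host 198.51.100.10 eq 443
!
! Verification from the router CLI:
!   show ip nat translations     (the static entry is listed permanently;
!                                 each client session adds an extended entry)
!   show ip nat statistics       (hit counters increase as clients connect)
```

The VPN clients must also be set to use IPsec over TCP with port 443 as the transport port; the router only rewrites the destination address and port and does not change the protocol.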
