
ip and port forwarding for openvpn

sigedacisco
Level 1

Hello, I have one PIX 501. My internal Win 2008 server has an OpenVPN service on port 1194. Is it possible with the PDM software to add a rule for forwarding port 1194 to the internal IP of the Win 2008 server?

1 Reply

mike.keller
Level 1

You don't say which version of code you are running, and you don't say whether you use NAT or PAT. Let's assume you are using 7.x code and NAT; you would need:

1). static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

2). access-list someacl extended permit udp any host x.x.x.x eq 1194

for PAT, replace #1 with:

static (inside,outside) udp interface 1194 y.y.y.y 1194 netmask 255.255.255.255

for 6.3, it would be:

Nat would be the same, then,

access-list someacl permit udp any host x.x.x.x eq 1194

Check the configuration guides for specifics. They can be found at:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html

I assume you are using openvpn so that you have sslvpn? If not, why not just terminate ipsec clients on your 501 (or upgrade to an ASA 5505 which WILL support sslvpn)? Seems kind of silly to pass vpn traffic THROUGH a device that was designed to terminate VPNs.
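
A defensive check for the one-to-one static in the reply above, added here as an example and not part of the original posts: a one-to-one static maps every port of the server, so the ACL applied on the outside interface is the only thing limiting exposure to UDP 1194. The placeholder addresses, the `audit` function and the `access-group someacl in interface outside` binding line are assumptions that do not appear in the thread.

```python
import re

# Constructed sample in the PIX 7.x syntax used in the reply above.
# 192.0.2.10 (mapped) and 10.0.0.5 (real) are placeholder addresses.
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255
access-list someacl extended permit udp any host 192.0.2.10 eq 1194
access-list someacl extended permit ip any host 192.0.2.10
access-list unused extended permit udp any host 192.0.2.10 eq 1194
access-group someacl in interface outside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(rf"^static \(inside,outside\) {IP} {IP} netmask ")
ACE_RE = re.compile(rf"^access-list (\S+) (?:extended )?permit (\S+) any host {IP}(?: eq (\S+))?$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside$")

def audit(config, proto="udp", port="1194"):
    """Return (kind, subject, detail) findings for each one-to-one static."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    bound = {m.group(1) for ln in lines if (m := GROUP_RE.match(ln))}
    aces = [m.groups() for ln in lines if (m := ACE_RE.match(ln))]
    findings = []
    for ln in lines:
        m = STATIC_RE.match(ln)
        if not m:
            continue
        mapped = m.group(1)
        allowed = False
        for acl, p, dst, eq in aces:
            if dst != mapped:
                continue
            scope = f"{p} eq {eq}" if eq else f"{p} all ports"
            if acl not in bound:
                findings.append(("unbound", acl, scope))  # ACL is never evaluated
            elif (p, eq) == (proto, port):
                allowed = True
            else:
                findings.append(("extra", acl, scope))    # opens more than the VPN port
        if not allowed:
            findings.append(("missing", mapped, f"{proto} eq {port}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
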
