ip and port forwarding for openvpn

Unanswered Question
Nov 17th, 2008

Hello, I have one PIX 501. My internal Win 2008 server has the OpenVPN service on port 1194. Is it possible to add a rule with the PDM software to forward port 1194 to the internal IP of the Win 2008 server?


You don't say which version of code you are running, and you don't say whether you use NAT or PAT. Let's assume you are using 7.x code and NAT; you would need:

1). static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

2). access-list someacl extended permit udp any host x.x.x.x eq 1194

For PAT, replace #1 with:

static (inside,outside) udp interface 1194 y.y.y.y 1194 netmask 255.255.255.255

For 6.3, it would be:

NAT would be the same, then:

access-list someacl permit udp any host x.x.x.x eq 1194

Check the configuration guides for specifics. They can be found at:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html

I assume you are using openvpn so that you have sslvpn? If not, why not just terminate ipsec clients on your 501 (or upgrade to an ASA 5505 which WILL support sslvpn)? Seems kind of silly to pass vpn traffic THROUGH a device that was designed to terminate VPNs.
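
The port forward in the reply above works only when the static, a matching ACL permit, and an `access-group` binding of that ACL to the outside interface are all present. The following is an added example, not part of the original thread: a small Python check that reads PIX-style config lines and reports any static port redirect that lacks one of the other two. The sample configs, their addresses, the `access-group` line and the function name are constructed for illustration, and only numeric ports with an `any` source are parsed.

```python
import re

STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\d+) \S+ \d+")
ACL = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) any "
                 r"(?:host (\S+)|interface (\w+)) eq (\d+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

# Constructed sample configs; addresses are documentation/private ranges.
PAT_7X = """\
static (inside,outside) udp interface 1194 192.168.1.10 1194 netmask 255.255.255.255
access-list someacl extended permit udp any interface outside eq 1194
access-group someacl in interface outside
"""
STATIC_IP_UNBOUND = """\
static (inside,outside) udp 203.0.113.10 1194 192.168.1.10 1194 netmask 255.255.255.255
access-list someacl permit udp any host 203.0.113.10 eq 1194
"""

def audit_port_forwards(config):
    """Return (proto, port, status) for every static port redirect."""
    statics, acls, bound = [], [], {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACL.match(line):
            acls.append(m.groups())
        elif m := GROUP.match(line):
            bound.setdefault(m.group(2), set()).add(m.group(1))
    results = []
    for _real_if, out_if, proto, mapped, port in statics:
        # ACLs permitting this protocol/port to the mapped address. With
        # "interface" as mapped address, a host entry is assumed to name
        # the interface's own IP (not verifiable from these lines alone).
        names = {name for name, a_proto, host, iface, a_port in acls
                 if (a_proto, a_port) == (proto, port)
                 and ((iface == out_if and mapped == "interface") if iface
                      else mapped in ("interface", host))}
        if not names:
            status = "no-acl"
        elif not names & bound.get(out_if, set()):
            status = "acl-not-bound"
        else:
            status = "ok"
        results.append((proto, port, status))
    return results

if __name__ == "__main__":
    print(audit_port_forwards(PAT_7X), audit_port_forwards(STATIC_IP_UNBOUND))
```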
