Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4358
Views
0
Helpful
8
Replies

port forwarding with route map

yoyo_the_king
Level 1
Level 1

‎06-15-2010 05:37 PM - edited ‎03-04-2019 08:47 AM

Hi All,

I have a router 1841 connected with ADSL and behind this router connected ASA5520 with private IP Adresse.

the router ADSL is configured with vpn site-to-site with 3 sites:

i want to configure vpn remote client with ASA5520,

to do this i want to forward udp/500 and udp/4500 comming to router public IP to ASA private ip.

the problem is i want to forward request comming from all Public IP except those connected with router with vpn site-to-site.

i think it's possible with route map, but i don't know how to configure it.

can you help me plz, many thanks.

yoyo

Labels:
0 Helpful
8 Replies 8

andrew.prince
Level 10
Level 10

‎06-16-2010 06:56 AM

An extended ACL  - based on src/dst to block the L2L VPN, and forward everything else.

HTH>

0 Helpful

yoyo_the_king
Level 1
Level 1
In response to andrew.prince

‎06-16-2010 07:45 AM

Hi,

thta's what i did,

i creat an ACL

access-list 120 deny   ip host A.A.A.A any log
access-list 120 deny   ip host B.B.B.B any log
access-list 120 deny   ip host C.C.C.C any log
access-list 120 deny   ip any host A.A.A.A log
access-list 120 deny   ip any host B.B.B.B log
access-list 120 deny   ip any host C.C.C.C log
access-list 120 permit ip any any log

and i create a route map

route-map map-forward permit 1
match ip address 120

and i create a nat with

ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable

the problem that the acl match the last one any any i don't know why.

any help

0 Helpful

andrew.prince
Level 10
Level 10
In response to yoyo_the_king

‎06-16-2010 08:02 AM

It's because you have placed it in the wrong place for the wrong thing.

Post your config for review

0 Helpful

yoyo_the_king
Level 1
Level 1
In response to andrew.prince

‎06-16-2010 10:01 AM

joined the config,

thanks a lot for help.

67853-conf.txt.zip
0 Helpful

andrew.prince
Level 10
Level 10
In response to yoyo_the_king

‎06-16-2010 11:05 PM

Add "ip nat inside" under vlan 2 interface and test.

0 Helpful

yoyo_the_king
Level 1
Level 1
In response to andrew.prince

‎06-17-2010 03:16 AM

I add ip nat inside under vlan2

but still not wroking, just i add the command:

ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable

i lose connexion with all site connected with vpn site-to-site with router.

0 Helpful

yoyo_the_king
Level 1
Level 1
In response to yoyo_the_king

‎06-18-2010 06:46 AM

Any help or suggestions plz??

0 Helpful

andrew.prince
Level 10
Level 10
In response to yoyo_the_king

‎06-18-2010 06:49 AM

remove what I suggested, that will get it all back working.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card