port forwarding with route map

yoyo_the_king
Level 1

Hi All,

I have an 1841 router connected via ADSL, and behind this router an ASA5520 with a private IP address.

The ADSL router is configured with site-to-site VPNs to 3 sites.

I want to configure VPN remote clients on the ASA5520.

To do this I want to forward UDP/500 and UDP/4500 arriving at the router's public IP to the ASA's private IP.

The problem is that I want to forward requests coming from all public IPs except those of the sites connected to the router by site-to-site VPN.

I think it's possible with a route map, but I don't know how to configure it.

Can you help me please? Many thanks.

yoyo

8 Replies

andrew.prince
Level 10

An extended ACL, based on src/dst, to block the L2L VPN and forward everything else.

HTH

Hi,

That's what I did.

I created an ACL:

! deny the three L2L VPN peers as source or destination, permit everything else
access-list 120 deny   ip host A.A.A.A any log
access-list 120 deny   ip host B.B.B.B any log
access-list 120 deny   ip host C.C.C.C any log
access-list 120 deny   ip any host A.A.A.A log
access-list 120 deny   ip any host B.B.B.B log
access-list 120 deny   ip any host C.C.C.C log
access-list 120 permit ip any any log

and I created a route map:

route-map map-forward permit 1
 match ip address 120

and I created a NAT entry with:

ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable

The problem is that the ACL matches the last entry (any any); I don't know why.

Any help?
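The first-match evaluation of the extended ACL above, as an added Python example that is not from the thread: it parses the posted ACL 120 (with constructed RFC 5737 addresses standing in for A.A.A.A, B.B.B.B and C.C.C.C) and reports which entry a given src/dst pair hits, so you can check that only the three L2L peers fall into the deny entries before the final permit. It also accepts wildcard-mask entries, which the thread's ACL does not use.

```python
import ipaddress
from collections import namedtuple

# Constructed stand-ins (RFC 5737 ranges) for the peers written as A.A.A.A, B.B.B.B, C.C.C.C.
L2L_PEERS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]

# The poster's ACL 120 with the placeholders filled in.
ACL_120 = "\n".join(
    [f"access-list 120 deny ip host {p} any log" for p in L2L_PEERS]
    + [f"access-list 120 deny ip any host {p} log" for p in L2L_PEERS]
    + ["access-list 120 permit ip any any log"]
)

# action: "permit"/"deny"; proto: "ip" matches all; src/dst: "any", "host X" or "X WILDCARD"
Ace = namedtuple("Ace", "action proto src dst")

def _take_addr(tokens, i):
    # Consume one IOS address spec starting at tokens[i].
    if tokens[i] == "any":
        return "any", i + 1
    return " ".join(tokens[i:i + 2]), i + 2

def parse_acl(text):
    # Keep entries in the order the router keeps them; order decides the match.
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        src, i = _take_addr(t, 4)
        dst, _ = _take_addr(t, i)
        aces.append(Ace(t[2], t[3], src, dst))
    return aces

def _matches(spec, addr):
    if spec == "any":
        return True
    kind, value = spec.split()
    if kind == "host":
        return ipaddress.ip_address(addr) == ipaddress.ip_address(value)
    base, wild = int(ipaddress.ip_address(kind)), int(ipaddress.ip_address(value))
    care = 0xFFFFFFFF ^ wild  # wildcard bits are "don't care"
    return int(ipaddress.ip_address(addr)) & care == base & care

def evaluate(aces, proto, src, dst):
    """First matching entry wins; no match is the implicit deny at the end."""
    for n, ace in enumerate(aces, 1):
        if ace.proto in ("ip", proto) and _matches(ace.src, src) and _matches(ace.dst, dst):
            return ace.action, n
    return "deny", None
```

Run `evaluate(parse_acl(ACL_120), "udp", <src>, <dst>)` for the traffic you expect the route map to see in each direction; the entry number tells you which line produced the verdict.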

It's because you have placed it in the wrong place for the wrong thing.

Post your config for review

I attached the config.

Thanks a lot for the help.

Add "ip nat inside" under vlan 2 interface and test.

I added ip nat inside under vlan 2,

but it is still not working. As soon as I add the command:

ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable

I lose the connection with all sites connected to the router by site-to-site VPN.

Any help or suggestions please?

remove what I suggested, that will get it all back working.
