Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ip and port forwarding for openvpn

Hello, i have one pix 501. My internal server win 2008 have openvpn service on 1194 port, it's possibile with pdm software add rule for forwarding 1194 port to internal ip of win2008 ?

1 REPLY
New Member

Re: ip and port forwarding for openvpn

You dont say which version of code you are running, and you dont say whether you use nat or pat, let's assume you are using 7.x code and nat, you would need:

1). static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

2). access-list someacl extended permit udp any host x.x.x.x eq 1194

for PAT, replace #1 with:

static (inside,outside) udp interface 1194 y.y.y.y 1194 netmask 255.255.255.255

for 6.3, it would be:

Nat would be the same, then,

access-list someacl permit udp any host x.x.x.x netmask 255.255.255.255 eq 1194

Check the configuration guides for specifics. They can be found:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html

I assume you are using openvpn so that you have sslvpn? If not, why not just terminate ipsec clients on your 501 (or upgrade to an ASA 5505 which WILL support sslvpn)? Seems kind of silly to pass vpn traffic THROUGH a device that was designed to terminate VPNs.

1117
Views
0
Helpful
1
Replies
CreatePlease to create content