Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pass traffic for both NAT and non-NAT port

Not sure if my title explains the need very well.

We have (mostly) implemented a successful hub/spoke VPN setup. A few details to work out include the following:

For a given type of traffic (ie SMTP), how do we allow general flow (not through the tunnel, as in inbound SMTP from the Internet) as well as through the tunnel (as in client on remote side of VPN accessing server via the tunnel.

Existing line in our code allows mail to flow from Internet in:

ip nat inside source static tcp 192.168.1.5 25 [public ip] 25 extendable

and its ACL entry:

access-list 150 permit tcp any host [public ip] eq 25

Also we have an ACL line:

access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255

What more is needed to allow SMTP among other ports we need) pass via the VPN?

Thank you for any input.

1 REPLY
Silver

Re: Pass traffic for both NAT and non-NAT port

Cisco Secure PIX Firewalls are commonly used in site-to-site VPN deployment where the PIXes are used as IPsec VPN termination devices. In either the simple site-to-site design or the more complicated hub-and-spoke design, people sometimes want to monitor all the PIX Firewalls using the Simple Network Management Protocol (SNMP) server and syslog server located at a central site.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094469.shtml

91
Views
0
Helpful
1
Replies
CreatePlease login to create content