Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SA 540 real firewall ports and pass-thru

I am looking to pass thru AH and ESP straight through some SA540's to UC540's for a multi-site configuration. Cisco can you please tell me if the SA540's will allow configuration of these types of ports and protocols to be passed through them?

Thanks in advance,

Bob James

5 REPLIES
New Member

Re: SA 540 real firewall ports and pass-thru

Bob,

The SA series doe not do protocol forwarding. It will only do protocol binding and port forwarding. Neither of which will help you accomplish your goal. You should look into using the multisite manager feature of the UC to build your tunnel and if you need assistance the SBSC is a good resource in such a situation.

Bill

New Member

Re: SA 540 real firewall ports and pass-thru

Thanks Bill

A little dissappointed in the product then, I will go back to the ASA (If I can ever get one). Yes I am aware of the supported design of multi-site, but due to the customers uniqe network, a standard multisite design will not work.

Bob James

New Member

Re: SA 540 real firewall ports and pass-thru

Hi Bob,

To perform a VPN pass through on SA500 to connect to UC540, please apply these 2 rules on the firewall on SA500.

1. From WAN to LAN, under Service -> IKE, Action -> Allow

2. From WAN to LAN, under Service -> IPSec-UDP-ENCAP, Action -> Allow

Thanks.

New Member

Re: SA 540 real firewall ports and pass-thru

This counters Bill's comments above. What if I want to do IPSEC over TCP?

Bob

New Member

Re: SA 540 real firewall ports and pass-thru

Hi Bob,

To do IPSec over TCP, you will need to add the TCP port as a custom port. On SA500, go to Firewall -> Service and add the rule for the tcp port.

Thanks.

670
Views
0
Helpful
5
Replies