Urgent Solution on VPN

arumugasamy · ‎03-25-2006

Dear Sachin/Parric,

Please i Kindly request you to solve this issue .It is very urgent.

I have the perimeter adsl router (cisco 2801adsl router) with single Routed IP address assigned by the Local ISP.

My scope is to extablish the site-to-site vpn tunnel using pix firewall as vpn gateway behind the adsl router.

I have to also open the port for the OWA, WEB server running in the DMZzone.

Could you explain the commands to be used in the 2801 router (port mapping for VPN, WEB, OWA)

and where to forward the traffic from router to the inside secure network.

I want to know both router and firewall configuration tips to complete the tasks.

Thanks

swamy

jackko · ‎03-25-2006

www <--> (1.1.1.1) 2801 (192.168.0.1) <--> (192.168.0.2) pix (192.168.100.1) <--> private net

pix (192.168.200.1) <--> dmz net

web server (192.168.0.100/192.168.200.100)

owa server (192.168.0.101/192.168.200.101)

on 2801:

ip nat inside source static tcp 192.168.0.100 80 1.1.1.1 80

ip nat inside source static tcp 192.168.0.101 443 1.1.1.1 443

ip nat inside source static tcp 192.168.0.2 500 1.1.1.1 500

ip nat inside source static tcp 192.168.02 4500 1.1.1.1 4500

on pix:

static (dmz,outside) tcp 192.168.0.100 80 192.168.200.100 80 netmask 255.255.255.255

static (dmz,outside) tcp 192.168.0.101 443 192.168.200.101 443 netmask 255.255.255.255

arumugasamy · ‎03-26-2006

Dear Mr.Jackko,

Thank you very much forr your reply with solution.

Thanks lots

swamy

m.sir · ‎03-27-2006

IKE and NAT over UDP are using UDP instead TCP

So it should be

ip nat inside source static UDP 192.168.0.2 500 1.1.1.1 500

ip nat inside source static UDP 192.168.02 4500 1.1.1.1 4500

Not TCP

M.