One of my friends has a Cisco ASA 5500 and he has the Cisco VPN software installed to connect to the VPN. He is planning to bring in a UTM box and wants to keep the Cisco as well.
Right now the Cisco is configured with a public IP for VPN (ex: 115.254.x.x).
He wants to connect that IP (ex: 115.254.x.x) to the UTM and do port forwarding to the IP (ex: 192.168.15.3) of the Cisco ASA 5500.
Is it possible to do port forwarding from the UTM to the Cisco?
Yes, that can work. But it depends on the correct configuration of the UTM.
If it doesn't work that way (of course it should), consider switching the order of the devices. Keep the ASA as the first line of defense, directly connected to the internet, and use the UTM behind it.
That should work if the UTM doesn't act on its own on the VPN traffic. Locally configured services typically have a higher priority than port-forwarding.
Did you also change the default-route on the ASA to use the UTM (192.168.15.1)?
While connecting you should see the connection attempt on the ASA, and with the capture command you should also see the packets on the outside interface.
>No I haven't changed the default route on ASA to use the utm.
That is needed. Without the default-route the ASA can't answer the VPN-connections.
> What do you mean by " locally configured services have higher priority "?
If you configure the UTM to forward all IP traffic to a different device and at the same time enable IPsec VPNs on it, then typically all traffic with the exception of IPsec is forwarded. That could also be a reason why no IPsec traffic reaches the ASA.
You should have something like the following:
ip address 192.168.15.3 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.15.1
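The reply's two requirements (an address on the outside interface and a default route pointing at the UTM on the same subnet) can be checked mechanically against a saved ASA config. This is an added example, not code from the thread; the config fragment is constructed, using the thread's addresses (ASA 192.168.15.3/24, UTM 192.168.15.1), and the interface-name handling assumes the usual ASA layout of `interface` / `nameif` / `ip address` lines.

```python
import ipaddress
import re

# Constructed sample ASA running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 192.168.15.3 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.15.1
"""

IP_RE = re.compile(r"^\s*ip address (\S+) (\S+)")
ROUTE_RE = re.compile(r"^\s*route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)")


def parse_outside(config):
    """Return (outside interface address, default gateway) from a config.

    Only the interface whose nameif is 'outside' is considered; a missing
    element is returned as None.
    """
    iface, gateway, current_if = None, None, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current_if = None  # new interface block; name not yet known
        elif line.strip().startswith("nameif "):
            current_if = line.split()[1]
        m = IP_RE.match(line)
        if m and current_if == "outside":
            # IPv4Interface accepts a dotted netmask after the slash
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        m = ROUTE_RE.match(line)
        if m and m.group(1) == "outside":
            gateway = ipaddress.ip_address(m.group(2))
    return iface, gateway


def check_default_route(config):
    """Return a list of findings; an empty list means both requirements hold."""
    findings = []
    iface, gw = parse_outside(config)
    if iface is None:
        findings.append("no 'ip address' configured on the outside interface")
    if gw is None:
        findings.append("no default route via outside; ASA cannot answer VPN clients")
    elif iface is not None and gw not in iface.network:
        findings.append(f"default gateway {gw} is not in {iface.network}")
    return findings
```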