Cisco Support Community

New Member

port forwarding with route map

Hi All,

I have an 1841 router connected to ADSL, and behind this router an ASA5520 is connected with a private IP address.

The ADSL router is configured with site-to-site VPN to 3 sites:

I want to configure remote-client VPN with the ASA5520.

To do this, I want to forward udp/500 and udp/4500 coming to the router's public IP to the ASA's private IP.

The problem is that I want to forward requests coming from all public IPs except those connected to the router with site-to-site VPN.

I think it's possible with a route map, but I don't know how to configure it.

Can you help me, please? Many thanks.

yoyo

8 REPLIES

Re: port forwarding with route map

An extended ACL, based on src/dst, to block the L2L VPN and forward everything else.

HTH

New Member

Re: port forwarding with route map

Hi,

That's what I did.

I created an ACL

access-list 120 deny   ip host A.A.A.A any log
access-list 120 deny   ip host B.B.B.B any log
access-list 120 deny   ip host C.C.C.C any log
access-list 120 deny   ip any host A.A.A.A log
access-list 120 deny   ip any host B.B.B.B log
access-list 120 deny   ip any host C.C.C.C log
access-list 120 permit ip any any log

and I created a route map

route-map map-forward permit 1
match ip address 120

and I created a NAT with

ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable

The problem is that the ACL matches the last entry, any any; I don't know why.

Any help?

Re: port forwarding with route map

It's because you have placed it in the wrong place for the wrong thing.

Post your config for review

New Member

Re: port forwarding with route map

I attached the config.

Thanks a lot for the help.

Re: port forwarding with route map

Add "ip nat inside" under vlan 2 interface and test.

New Member

Re: port forwarding with route map

I added ip nat inside under vlan2

but it's still not working. As soon as I add the command:

ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable

I lose connection with all sites connected to the router with site-to-site VPN.

New Member

Re: port forwarding with route map

Any help or suggestions, please?

Re: port forwarding with route map

Remove what I suggested; that will get it all back working.
