Re: Port Forwarding / VPN Pass-Thru on a Cisco 2800

From: "Igor Mamuzic" <someone@xxxxxxxxxxx>
Date: Thu, 31 Aug 2006 16:09:38 +0200

Do you use IPSec vpn that wraps traffic in UDP packets? If so, UDP packets
will be NATed as all other UDP traffic and you'll be able to connect trough
this router onto another VPN server. This is default option if you use Cisco
EasyVPN and/or Cisco VPN clients. It works in my case and I also use 2800
ISR. The only additional thing to do is to open udp ports 500 and 4500 (src
and dst ports) in both directions (inbound and outbound), as well as esp and
ah traffic. Of course VPN server on another end must also be accessible from
the Internet by these udp ports.

Best Regards,
Igor

"Rob" <piperace@xxxxxxxxxx> wrote in message
news:1156965607.320141.55570@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have a Cisco 2800 that is being used as a firewall. When I am behind
it and NATing to the Internet I am unable to VPN out to any VPN servers
because IPsec does not go accoss a NAT with out port forwarding. I am
trying to find out how to turn on port forwarding so that I can VPN to
remote locations. Any help would be much appreciated. Thanks

References:
- Port Forwarding / VPN Pass-Thru on a Cisco 2800
  - From: Rob

Prev by Date: Re: Help ... Which CISCO router to buy ?
Next by Date: Re: Firewall trouble
Previous by thread: Port Forwarding / VPN Pass-Thru on a Cisco 2800
Next by thread: Access points on wheels
Index(es):
- Date
- Thread

Relevant Pages

Re: Sessions Resource Exhaustion
... I was not being specific to VPN ports 500 ... If the VPN server would handle only N clients at a time, then the IPS ... It is easier to spoof UDP packets than ...
(Focus-IDS)
VPN OpenSwan&Xl2tp problem with big udp packets
... All the tcp traffic seems to work fine but my udp packets don't pass ... correctly inside the vpn. ... I have set my LAN interface with a mtu of 1400 and the WAN interface ... The client of the server is a modem/router/vpn client. ...
(comp.os.linux.networking)
UDP communication with vpn client
... connectionless UDP communication to communicate with other instances on a ... connected to a LAN via a VPN connection. ... UDP packets sent by the VPN client are successfully received by an instance ...
(microsoft.public.isa.vpn)
Re: Port Forwarding?
... I agree that I need the added security with a VPN. ... Here is my current setup at home. ... The term "Virtual Server" is D-Link speak for port forwarding. ...
(microsoft.public.windowsxp.network_web)
Re: VPN problems and Linksys BEFSR411????
... I didn't pick up on the fact the endpoint was behind the linksys. ... >he says he is trying to VPN from the internet to a VPN server behind the ... >where to send the VPN traffic, e.g. by port forwarding. ... Make sure only one VPN client is on the machine you are attempting ...
(comp.security.firewalls)