IPSec port forwarding w/ NAT traversal


  • IPSec port forwarding w/ NAT traversal

    here's a quick diagram:

    *internet* ------ [cisco 831] ------ (pix) ------- *private network*

    i've done the ipsec vpn setup on the pix, and i tested it on the network between the 831 and the pix; it works.

    can someone tell me what ports/protocols/etc i need to forward on the 831 to the pix?

    i know how to port forward, but i don't know if you can forward protocols right? i think i'll just need to let the router accept those protocols?

    also, since the traffic is passing through a NAT to get to the pix, do i need to enter any commands to prevent disruption?

  • #2
    Re: IPSec port forwarding w/ NAT traversal

    you'll need an access-list similar to this on the outside (in) interface on the 831:

    permit esp any any
    permit ahp any any
    permit udp any any eq 500
    permit udp any any eq 4500

    If your vpn client and the PIX are recent they should automatically negotiate NAT-T, that's what the port 4500 above is for. If not, check the Cisco docs on how to enable NAT-T.



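The protocols and ports listed in reply #2, as an added example that is not part of the original thread: a Python classifier showing which parts of an IPsec session carry a UDP port that a port-forward rule can match (IKE on 500, NAT-T on 4500) and which are bare IP protocols (ESP 50, AH 51) that can only be permitted, not port-forwarded. The UDP 4500 demultiplexing follows RFC 3948; the function names and sample packets are constructed for illustration.

```python
import struct

PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51   # IANA IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500

def classify(ip_proto, dst_port=None, udp_payload=b""):
    """Classify one inbound packet of an IPsec session.

    Returns (kind, port_forwardable, spi). port_forwardable is True only when
    the packet has a UDP port that a port-forward (static PAT) rule can match.
    """
    if ip_proto == PROTO_ESP:
        return ("ESP", False, None)   # no ports: the ACL must permit the protocol
    if ip_proto == PROTO_AH:
        return ("AH", False, None)    # no ports; AH also covers the outer IP header
    if ip_proto != PROTO_UDP:
        return ("not-ipsec", False, None)
    if dst_port == IKE_PORT:
        return ("IKE", True, None)
    if dst_port != NATT_PORT:
        return ("not-ipsec", False, None)
    # UDP 4500 carries three things, told apart by the first bytes (RFC 3948).
    if udp_payload == b"\xff":
        return ("NAT-keepalive", True, None)
    if len(udp_payload) < 4:
        return ("malformed", True, None)
    if udp_payload[:4] == b"\x00\x00\x00\x00":
        return ("IKE-over-NAT-T", True, None)   # 4-byte non-ESP marker
    (spi,) = struct.unpack("!I", udp_payload[:4])
    return ("ESP-in-UDP", True, spi)            # non-zero SPI comes first

# Constructed sample packets: (ip_proto, dst_port, udp_payload)
SAMPLES = [
    (PROTO_UDP, 500, b"\x11" * 28),
    (PROTO_UDP, 4500, b"\x00\x00\x00\x00" + b"\x11" * 28),
    (PROTO_UDP, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
    (PROTO_UDP, 4500, b"\xff"),
    (PROTO_ESP, None, b""),
    (PROTO_AH, None, b""),
]

def summarize(samples=SAMPLES):
    """Classify every sample packet, in order."""
    return [classify(*s) for s in samples]

if __name__ == "__main__":
    for result in summarize():
        print(result)
```
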
    • #3
      Re: IPSec port forwarding w/ NAT traversal

      how do i forward all traffic from my dhcp/cable wan interface to my firewall?



      • #4
        Re: IPSec port forwarding w/ NAT traversal

        can anyone help me out w/ the redirect commands?
