Re: VPNdial up and port forwarding to 8080



ryansmitty
Member
#318531


Hey

Long time no chat! This makes this an even more interesting problem to solve. I'm not sure to what extent the TAC engineer helped you troubleshoot, but do you still have the second NAT entry that I suggested configured on your device? If so, when you attempt a connection from a VPN client to the DMZ server for PAT, do you see any translation hits for that particular entry when using the sh xlate command?

The other thing I am wondering is, when you created your remote access VPN, did you use ASDM or configure it by hand? There is an option to bypass the ACL on the outside interface which is turned on by default. Did you by chance disable that feature?

The ultimate way to really see what is going on is obviously by getting a packet capture sample when the VPN user tries to connect to the DMZ host. Again, assuming that you may have used ASDM, you could use the packet tracer utility to simulate what happens when a VPN user tries to connect to the DMZ host.

I know this is probably a long-winded reply, but I just want to try to cover as many bases as possible. Not to mention I would like to see if we can beat the TAC engineer with a solution before they respond :-)!