topic ZBF commands to open OpenVPN port in on Cisco 1812 in Network Security https://community.cisco.com/t5/network-security/zbf-commands-to-open-openvpn-port-in-on-cisco-1812/m-p/2181927#M351407 <P>Hello,</P><P></P><P>I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port for the internet on a Cisco 1812 router (this router uses Zone based firewall). For that purpose I have added the following configuration using the IOS CLI:</P><P></P><P>ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194</P><P>ip port-map user-openvpn port udp 1194 description OpenVPN</P><P>access-list 103 permit udp any host 10.0.0.5 eq 1194</P><P></P><P>class-map type inspect match-all sdm-nat-openvpn-1</P><P> match access-group 103</P><P></P><P>policy-map type inspect sdm-pol-NATOutsideToInside-1</P><P>! other class types here for SSH &amp; HTTP</P><P> class type inspect sdm-nat-openvpn-1</P><P>&nbsp; inspect</P><P> class class-default</P><P>&nbsp; drop log</P><P></P><P>Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here? or maybe did I forget a configuration parameter?</P><P></P><P>Thanks for your help.</P><P></P><P>Best,</P><P>John</P> Tue, 12 Mar 2019 01:31:48 GMT John Naggets 2019-03-12T01:31:48Z ZBF commands to open OpenVPN port in on Cisco 1812 https://community.cisco.com/t5/network-security/zbf-commands-to-open-openvpn-port-in-on-cisco-1812/m-p/2181927#M351407 <P>Hello,</P><P></P><P>I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port for the internet on a Cisco 1812 router (this router uses Zone based firewall). For that purpose I have added the following configuration using the IOS CLI:</P><P></P><P>ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194</P><P>ip port-map user-openvpn port udp 1194 description OpenVPN</P><P>access-list 103 permit udp any host 10.0.0.5 eq 1194</P><P></P><P>class-map type inspect match-all sdm-nat-openvpn-1</P><P> match access-group 103</P><P></P><P>policy-map type inspect sdm-pol-NATOutsideToInside-1</P><P>! other class types here for SSH &amp; HTTP</P><P> class type inspect sdm-nat-openvpn-1</P><P>&nbsp; inspect</P><P> class class-default</P><P>&nbsp; drop log</P><P></P><P>Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here? or maybe did I forget a configuration parameter?</P><P></P><P>Thanks for your help.</P><P></P><P>Best,</P><P>John</P> Tue, 12 Mar 2019 01:31:48 GMT https://community.cisco.com/t5/network-security/zbf-commands-to-open-openvpn-port-in-on-cisco-1812/m-p/2181927#M351407 John Naggets 2019-03-12T01:31:48Z ZBF commands to open OpenVPN port in on Cisco 1812 https://community.cisco.com/t5/network-security/zbf-commands-to-open-openvpn-port-in-on-cisco-1812/m-p/2181928#M351408 <HTML><HEAD></HEAD><BODY><P>John,</P><P></P><P>The answer is, Nothing. You did not do anything wrong. Can you put logs on the Router to verify that maybe something else is being dropped? </P><P></P><P>Login via Telnet/SSH and do in config mode: </P><P></P><P>IP inspect log drop-pkt </P><P>Do term mon </P><P></P><P>Then try to initialize the VPN session and check what you get. </P><P></P><P>Mike Rojas. </P></BODY></HTML> Mon, 22 Apr 2013 03:31:58 GMT https://community.cisco.com/t5/network-security/zbf-commands-to-open-openvpn-port-in-on-cisco-1812/m-p/2181928#M351408 Maykol Rojas 2013-04-22T03:31:58Z