Beginner

ZBF commands to open OpenVPN port on Cisco 1812

Hello,

I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port to the internet on a Cisco 1812 router (this router uses the Zone-Based Firewall). For that purpose I have added the following configuration using the IOS CLI:

! Static NAT: UDP/1194 arriving on the outside interface is forwarded to the internal OpenVPN server
ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
! User-defined port map naming UDP/1194 as OpenVPN
ip port-map user-openvpn port udp 1194 description OpenVPN
! ACL matching UDP/1194 to the internal OpenVPN server
access-list 103 permit udp any host 10.0.0.5 eq 1194
! Class-map selecting that traffic
class-map type inspect match-all sdm-nat-openvpn-1
 match access-group 103
! Outside-to-inside policy: inspect the OpenVPN class, drop and log everything else
policy-map type inspect sdm-pol-NATOutsideToInside-1
 ! other class types here for SSH & HTTP
 class type inspect sdm-nat-openvpn-1
  inspect
 class class-default
  drop log

Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here? Or did I maybe forget a configuration parameter?

Thanks for your help.

Best,

John
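The excerpt posted above shows every link of the ZBF port-forward chain (static NAT, ACL, class-map, policy-map with inspect) except the zone-pair that applies the policy-map, which may simply have been left out of the post. The following is an added example, not code from the thread or from Cisco: it parses an IOS config excerpt and reports which link of that chain is present, so the config can be checked mechanically before turning on drop logging. Both sample configs are constructed from the posted lines; the zone-pair name and the zone names in ZONE_PAIR are assumptions.

```python
import re
# Constructed sample: the chain-relevant lines of the configuration posted above, re-indented.
POSTED_CONFIG = """
ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
access-list 103 permit udp any host 10.0.0.5 eq 1194
class-map type inspect match-all sdm-nat-openvpn-1
 match access-group 103
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-openvpn-1
  inspect
 class class-default
  drop log
"""
# Constructed: a zone-pair binding the excerpt does not show (zone-pair and zone names assumed).
ZONE_PAIR = """
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
"""

def parse_ios(config):
    """Map each top-level IOS line to its indented child lines (nesting flattened)."""
    blocks, current = {}, None
    for raw in filter(str.strip, config.splitlines()):
        if raw[0].isspace() and current:
            blocks[current].append(raw.strip())
        elif not raw[0].isspace():
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks

def audit_port_forward(config, host, proto, port):
    """Return {link: present} for static NAT -> ACL -> class-map -> policy 'inspect' -> zone-pair."""
    blocks, h, pmaps = parse_ios(config), re.escape(host), []
    nat = any(re.match(rf"ip nat inside source static {proto} {h} {port}\b", l) for l in blocks)
    acls = [m[1] for l in blocks
            if (m := re.match(rf"access-list (\S+) permit {proto} any host {h} eq {port}$", l))]
    cmaps = [m[1] for l, kids in blocks.items()
             if (m := re.match(r"class-map type inspect \S+ (\S+)$", l))
             and any(f"match access-group {a}" in kids for a in acls)]
    for l, kids in blocks.items():
        if m := re.match(r"policy-map type inspect (\S+)$", l):
            in_class = False
            for k in kids:  # children are flattened, so remember which class we are under
                if k.startswith("class "):
                    in_class = k in [f"class type inspect {c}" for c in cmaps]
                elif in_class and k == "inspect":
                    pmaps.append(m[1])
                    break
    bound = any(l.startswith("zone-pair security ") and
                any(f"service-policy type inspect {p}" in kids for p in pmaps) for l, kids in blocks.items())
    return {"static_nat": nat, "acl": bool(acls), "class_map": bool(cmaps),
            "policy_inspect": bool(pmaps), "zone_pair": bound}
```

Run against POSTED_CONFIG alone the audit reports every link present except zone_pair; appending ZONE_PAIR makes the chain complete.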

Cisco Employee

John,

The answer is: nothing. You did not do anything wrong. Can you put logs on the router to verify that maybe something else is being dropped?

Log in via Telnet/SSH and, in config mode, do:

ip inspect log drop-pkt

Then do term mon.

Then try to initialize the VPN session and check what you get.

Mike Rojas.
