ZBF commands to open OpenVPN port on Cisco 1812

John Naggets
Level 1

Hello,

I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port to the internet on a Cisco 1812 router (this router uses the Zone-Based Firewall). For that purpose I have added the following configuration using the IOS CLI:

ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
ip port-map user-openvpn port udp 1194 description OpenVPN
access-list 103 permit udp any host 10.0.0.5 eq 1194
!
class-map type inspect match-all sdm-nat-openvpn-1
 match access-group 103
!
policy-map type inspect sdm-pol-NATOutsideToInside-1
 ! other class types here for SSH & HTTP
 class type inspect sdm-nat-openvpn-1
  inspect
 class class-default
  drop log

Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here, or did I maybe forget a configuration parameter?

Thanks for your help.

Best,

John
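
A complete zone-based firewall configuration for this scenario, added here as a worked example; it is not taken from the original post or from Cisco documentation. It keeps the server address, ACL number, class-map name and policy-map name from the post, and assumes FastEthernet0 is the Internet-facing interface, Vlan1 is the LAN interface, the zone names in-zone and out-zone, and the zone-pair name sdm-zp-out-in (none of these four are named in the post). The parts the post does not show are the zone definitions, the interface zone membership and the zone-pair that binds the policy-map to the outside-to-inside direction; a policy-map that is not attached to a zone-pair is never evaluated, so those are the first things to check.

```cisco
! Constructed example: full ZBF configuration to permit inbound UDP/1194 to an
! internal OpenVPN server. Interface roles, zone names and the zone-pair name
! are assumptions; the server address and policy names come from the post.
!
! Static PAT: public UDP/1194 on FastEthernet0 -> 10.0.0.5:1194
ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
!
! Optional: name the port so it shows up readably in inspect output
ip port-map user-openvpn port udp 1194 description OpenVPN
!
! Security zones (assumed names)
zone security in-zone
 description LAN
zone security out-zone
 description Internet
!
! Assumed WAN interface: NAT outside and member of out-zone
interface FastEthernet0
 ip nat outside
 zone-member security out-zone
!
! Assumed LAN interface: NAT inside and member of in-zone
interface Vlan1
 ip nat inside
 zone-member security in-zone
!
! NAT is applied before outside-to-inside inspection, so the ACL matches the
! server's real (post-NAT) address, not the public interface address.
access-list 103 permit udp any host 10.0.0.5 eq 1194
!
class-map type inspect match-all sdm-nat-openvpn-1
 match access-group 103
!
! Inspect the matched OpenVPN traffic; log and drop everything else
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-openvpn-1
  inspect
 class class-default
  drop log
!
! The zone-pair is what actually applies the policy to Internet -> LAN traffic
zone-pair security sdm-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
```

After attempting a connection from outside, `show zone-pair security` confirms the policy is bound in the outside-to-inside direction, and `show policy-map type inspect zone-pair sdm-zp-out-in sessions` shows whether an inspect session for UDP/1194 was created; with `ip inspect log drop-pkt` configured, packets hitting the class-default drop are logged, which distinguishes a firewall drop from a NAT or upstream reachability problem.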

1 Reply

Maykol Rojas
Cisco Employee

John,

The answer is: nothing. You did not do anything wrong. Can you put logs on the router to verify that maybe something else is being dropped?

Login via Telnet/SSH and do in config mode:

ip inspect log drop-pkt

Do term mon

Then try to initialize the VPN session and check what you get.

Mike Rojas.
