Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1071
Views
0
Helpful
1
Replies

Cisco 887 Conditional Port Forwarding

Asagohan
Level 1
Level 1

‎07-29-2021 10:13 PM

I have port forwarding configured on a CISCO 887 for client VPN like this: "ip nat inside source static udp 10.65.1.1 500 interface Loopback1 500" It forwards them to a Windows RRAS server.

 

However, now I am trying to set up a site-site VPN, but the tunnel fails to activate because port 500 is being forwarded to the RRAS server instead of using the Tunnel. I can't remove it because then users can't log in.

 

I have read that I should use route-map like this: "ip nat inside source static udp 10.65.1.1 500 interface Loopback1 500 route-map my_route_map" And my_route_map would permit which addresses the forwarding would apply to. However, the router does not seem to recognize this command.

 

There is this command: "ip nat inside source route-map my_route_map interface Loopback1 overload", but I don't think this controls port forwarding.

 

Is there a way I can achieve port forwarding, but only for specific source addresses? i.e. if it is from a certain IP, don't forward it, otherwise do forward.

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎07-30-2021 02:44 AM

Not sure that can be achieveble as per i know. (with the single IP address and same interface).

 

but you can do different approach : (example for ASA, but should work similar way on Router).

 

https://community.cisco.com/t5/vpn/port-forwarding-for-anyconnect-having-an-impact-on-ipsec/m-p/3703898#M146434

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents