Forward L2TP from public interface to internal server "unable to reserve ports"

soeadmin1
Level 1

Hello,

Summary: On an ASA which is using site-to-site VPN connections, how can UDP ports for L2TP be NAT'ed to an internal server?

Detail: Internal Windows server with RRAS and PPTP configured, and TCP port 1723 successfully mapped to the public address of the external interface using the following command:

object RRAS-Server
 host 192.168.0.1
nat (External,Inside) source static any any destination static interface RRAS-Server service TCP_1723 TCP_1723

While trying to add L2TP, the following command outputs "Unable to reserve ports":

object RRAS-Server-L2TP
 host 192.168.0.1
nat (External,Inside) source static any any destination static interface RRAS-Server service UDP_1701 UDP_1701

Is it because L2TP might be in use on the ASA itself?

1 Accepted Solution


Philip D'Ath
VIP Alumni

Microsoft uses L2TP over IPSec.  IPSec is already in use on your ASA.


Thanks, I wasn't sure if NAT-T could be used to route IPSec to the RRAS instead of the ASA, but it makes sense that the ASA is already intercepting IPSec to the current VPNs.
