02-09-2017 04:12 PM - edited 03-12-2019 01:54 AM
Hello,
Summary: On an ASA which is using site-to-site VPN connections, how can UDP ports for L2TP be NAT'ed to an internal server?
Detail: Internal Windows server with RRAS and PPTP configured, and TCP port 1723 successfully mapped to the public address of the external interface using the following command:
object RRAS-Server
host 192.168.0.1
nat (External,Inside) source static any any destination static interface RRAS-Server service TCP_1723 TCP_1723
While trying to add L2TP, the following command outputs "Unable to reserve ports":
object RRAS-Server-L2TP
host 192.168.0.1
nat (External,Inside) source static any any destination static interface RRAS-Server service UDP_1701 UDP_1701
Is it because L2TP might be in use on the ASA itself?
02-09-2017 05:32 PM
Microsoft uses L2TP over IPSec. IPSec is already in use on your ASA.
02-14-2017 09:17 AM
Thanks, I wasn't sure if NAT-T could be used to route IPSec to the RRAS instead of the ASA, but it makes sense that the ASA is already intercepting IPSec to the current VPNs.