Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1678
Views
0
Helpful
1
Replies

ZBF commands to open OpenVPN port in on Cisco 1812

John Naggets
Level 1
Level 1

‎04-19-2013 11:03 AM - edited ‎03-11-2019 06:31 PM

Hello,

I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port for the internet on a Cisco 1812 router (this router uses Zone based firewall). For that purpose I have added the following configuration using the IOS CLI:

ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194

ip port-map user-openvpn port udp 1194 description OpenVPN

access-list 103 permit udp any host 10.0.0.5 eq 1194

class-map type inspect match-all sdm-nat-openvpn-1

match access-group 103

policy-map type inspect sdm-pol-NATOutsideToInside-1

! other class types here for SSH & HTTP

class type inspect sdm-nat-openvpn-1

  inspect

class class-default

  drop log

Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here? or maybe did I forget a configuration parameter?

Thanks for your help.

Best,

John

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎04-21-2013 08:31 PM

John,

The answer is, Nothing. You did not do anything wrong. Can you put logs on the Router to verify that maybe something else is being dropped?

Login via Telnet/SSH and do in config mode:

IP inspect log drop-pkt

Do term mon

Then try to initialize the VPN session and check what you get.

Mike Rojas.

Mike
0 Helpful
Review Cisco Networking for a $25 gift card
Top