Port Forwarding and VPNs

Luis-elite3d
Level 1

Hello,

We are using a Cisco RV325 for load balancing and VPNs in our office. We already have two site-to-site IPsec VPNs that are working fine, configured on it.

But another company has sent a Cisco ASA to set up a VPN with them. The initial plan was that the ASA would be connected to a switch that is connected to the RV325, but now they have asked me to forward on the RV325 all incoming IPsec traffic (port 500) to the ASA's IP. If I do that, the two other VPNs stop working, because their incoming traffic is now redirected to the ASA router.

The network infrastructure is:

     The Internet <--> two modems from our ISPs <--> Cisco RV325 <--> two switches <--> users' PCs, servers, Cisco ASA.

Is there any way to forward the incoming IPsec traffic from ONLY one specific public IP to an internal IP? Or maybe all traffic from that specific public IP?

Thanks in advance,

Luis.

5 Replies

cristgon
Level 1

Hello Luis-elite3d,

Thank you for using the Cisco Small Business forums. My name is Cristian, I am an eContent developer and I am part of the Small Business Support Community. I would like to ask a couple of questions to have a better understanding of the problem. 

How did you forward the traffic to the ASA's IP that broke the other two VPNs? What ASA are you using? Have you tried creating an ACL on the RV325 that forwards IPsec from one IP to another?

*Please mark the question as Answered or rate it so other users can benefit from it*

Best,

Cristian Gonzalez

Cisco eContent Developer 

Hi Cristian,

Thanks for your answer.

The ASA router is a Cisco ASA 5515-X. I don't have admin privileges on it, so its config can only be changed by the other company when the VPN is working.

When I tried to forward the IPsec traffic, I configured on the RV325 a port range forwarding, with service = IPsec [500], and destination = the ASA's IP. That way all the IPsec traffic was redirected, and not only the IPsec traffic incoming from the public IP for that company (217.18.XXX.XXX).

The ACL seems to be the right answer to this issue, but I haven't found how to create it. In the Firewall > Access Rules the only actions are allow or deny, but not forward/redirect.

Thanks in advance,

Luis.

Hello Luis, 

Thank you for your patience. A colleague and I are currently looking for the best solution to your question. We did find this article about Advanced Routing, particularly Static Routing:

http://sbkb.cisco.com/CiscoSB/ukp.aspx?login=1&pid=2&app=search&vw=1&articleid=4362

Best, 

Cristian

Cisco eContent Developer

Hi Luis: Just wondering if the Advanced Routing Guide helped to resolve your issue?

No, but I am going to try changing all the site-to-site VPNs (the IPsec VPNs created using the RV325 router) to go through one of the WAN connections (Internet line "A"), and the VPN that uses the ASA router through the other WAN (Internet line "B"), and then to configure a port forwarding for all IPsec incoming traffic from only WAN "B" to the ASA router.

What do you think? Will it work?

Thanks for your help,

Luis.