08-20-2014 09:25 AM - edited 03-04-2019 11:34 PM
Hello,
One of my friends has a Cisco ASA 5500 and he has the Cisco VPN software installed to connect to the VPN. He is planning to bring in a UTM box and wants to keep the Cisco also.
Right now the Cisco is configured with a public IP for VPN (ex: 115.254.x.x).
He wants to connect that IP (ex: 115.254.x.x) to the UTM and do port forwarding to the Cisco ASA 5500 IP (ex: 192.168.15.3).
Is it possible to do port forwarding from a UTM to the Cisco?
08-20-2014 10:33 AM
Yes, that can work. But it depends on the correct configuration of the UTM.
If it doesn't work that way (of course it should), consider switching the order of the devices. Keep the ASA as the first line of defense, directly connected to the internet, and use the UTM behind that.
08-20-2014 10:45 AM
08-20-2014 10:51 AM
That should work if the UTM doesn't act on its own on the VPN traffic. Locally configured services typically have a higher priority than port-forwarding.
Did you also change the default-route on the ASA to use the UTM (192.168.15.1)?
While connecting you should see the connection-attempt on the ASA and with the capture-command you also should see the packets on the outside interface.
08-20-2014 10:56 AM
08-20-2014 11:02 AM
> No, I haven't changed the default route on the ASA to use the UTM.
That is needed. Without the default-route the ASA can't answer the VPN-connections.
> What do you mean by "locally configured services have higher priority"?
If you configure to forward all IP to a different device and at the same time enable IPsec-VPNs, then typically all traffic with the exception of IPsec is forwarded. That could also be a reason why no IPsec traffic reaches the ASA.
08-20-2014 11:09 AM
08-20-2014 11:17 AM
You should have something like the following:
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.168.15.3 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.15.1
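The checks suggested in the replies above (default route toward the UTM, then a capture on the outside interface), written out as an added example that is not part of the original posts. It assumes the addresses used in the thread and the standard IPsec ports UDP 500 (IKE) and UDP 4500 (NAT-T, which is used when a NAT device such as the UTM sits in front of the ASA); the capture names are arbitrary.

```cisco
! Constructed check for the setup in this thread:
! UTM inside address 192.168.15.1, ASA outside interface 192.168.15.3.

! 1. Confirm the default route points at the UTM
show route

! 2. Capture IKE (UDP 500) and NAT-T (UDP 4500) on the outside interface.
!    The "match" form captures both directions, so replies from the ASA
!    show up in the same capture.
capture VPN-IKE interface outside match udp any host 192.168.15.3 eq 500
capture VPN-NATT interface outside match udp any host 192.168.15.3 eq 4500

! 3. Start a VPN client connection, then inspect the result
show capture VPN-IKE
show capture VPN-NATT
show crypto isakmp sa

! 4. Remove the captures when finished
no capture VPN-IKE
no capture VPN-NATT
```

Empty captures mean the UTM is not forwarding the traffic (or is handling IPsec itself); inbound packets without replies point at the return path, that is, the default route.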
08-20-2014 05:04 PM