
ERROR- Open port 1149 tcp for openvpn-nat

wyliansouzaup
Level 1

I have to open port 1149 to be able to access OpenVPN, but I am not having success with the NAT configuration I made.
The TCP port checker is giving a timeout, while the output of show ip nat translate shows that it is translating.
Attached are the photos and the configuration of the router.

 

The IP of the OpenVPN server is 10.10.10.1 and the IP of the WAN is 200.216.228.48.

 

If anyone can help me, thank you

 

----------------------------------------------------

interface FastEthernet0/0
ip address 192.168.5.254 255.255.255.0 secondary
ip address 200.149.100.81 255.255.255.248
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
speed 100
full-duplex
!
interface FastEthernet0/1.1200
encapsulation dot1Q 1200
ip address 200.216.228.49 255.255.255.252
ip nat outside
ip virtual-reassembly in
crypto map clientmap
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/0
no ip address
ip nat outside
ip virtual-reassembly in
encapsulation ppp
shutdown
crypto map clientmap
!
ip local pool ippool 10.1.1.10 10.1.1.200
ip local pool OpenVPN 10.10.10.1 10.10.10.254
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat pool internet 200.149.100.81 200.149.80.22 netmask 255.255.255.248
ip nat inside source list 110 pool internet overload
ip nat inside source static tcp 10.10.10.1 1194 interface FastEthernet0/1.1200 1194
ip nat outside source static 200.149.100.81 192.168.5.1
ip route 0.0.0.0 0.0.0.0 200.216.228.50
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit tcp 10.10.10.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 1194
access-list 101 permit ip 192.168.5.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit tcp any any
access-list 110 deny ip 192.168.5.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 192.168.5.0 0.0.0.255 any

---------------------------------------------------------------------------------------------------

18 Replies

The OpenVPN server is on a Windows server that connects to interface 0/0.

What is happening is as follows.
I think the problem is on the OpenVPN server, because my configuration seems to be right, and when I debug NAT and test with sites that check TCP ports, I get the message "Connection time out" from the site, while on the Cisco router I see that the NAT translation was done (see photo).

One of the reasons I believe the problem is on the OpenVPN server: from the router I can't ping the IP of the OpenVPN server, 10.10.10.1.

Can someone tell me a way to prove that the translation is being done and that NAT is working, so that the problem is on the OpenVPN server, or a way to check if the error is in my configuration?

Also, your LAN interface has two IP addresses, one is a public address?

Yes, it also has a public IP.

The problem still persists. Does anyone know how to help?
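
On the question above of how to check whether the error is in the configuration: the following is an added example, not part of the original thread and not Cisco tooling. It is an offline consistency check over an excerpt of the posted configuration; the function names (`connected`, `role_of`, `check_static_nat`) are hypothetical, and it assumes a forwarded server should sit on a subnet attached to an `ip nat inside` interface.

```python
import ipaddress
import re

# Excerpt of the configuration posted in this thread (only the lines the check reads).
CONFIG = """\
interface FastEthernet0/0
ip address 192.168.5.254 255.255.255.0 secondary
ip address 200.149.100.81 255.255.255.248
ip nat inside
interface FastEthernet0/1.1200
ip address 200.216.228.49 255.255.255.252
ip nat outside
ip nat inside source static tcp 10.10.10.1 1194 interface FastEthernet0/1.1200 1194
ip route 0.0.0.0 0.0.0.0 200.216.228.50
"""

def connected(cfg):
    """Map each connected subnet to its interface's NAT role (inside/outside/None)."""
    nets, role, pending = {}, None, []
    for line in cfg.splitlines() + ["interface (end)"]:
        if line.startswith("interface "):      # new block: flush the previous one
            nets.update({n: role for n in pending})
            role, pending = None, []
        elif m := re.match(r"\s*ip address (\S+) (\S+)", line):
            pending.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif m := re.match(r"\s*ip nat (inside|outside)\s*$", line):
            role = m[1]
    return nets

def role_of(addr, nets):  # NAT role of the connected subnet holding addr
    return next((r for n, r in nets.items() if addr in n), "unconnected")

def check_static_nat(cfg, wanted_port):
    """Return a list of findings for each static port forward in cfg."""
    nets, out = connected(cfg), []
    routes = [(ipaddress.ip_network(f"{m[1]}/{m[2]}"), ipaddress.ip_address(m[3]))
              for m in re.finditer(r"^ip route (\S+) (\S+) (\S+)", cfg, re.M)]
    pat = r"^ip nat inside source static (?:tcp|udp) (\S+) \d+ (?:interface \S+|\S+) (\d+)"
    for m in re.finditer(pat, cfg, re.M):
        local, gport = ipaddress.ip_address(m[1]), int(m[2])
        if gport != wanted_port:
            out.append(f"port {wanted_port} wanted, but the rule publishes {gport}")
        role = role_of(local, nets)
        if role == "unconnected":              # fall back to longest-prefix static route
            cands = [r for r in routes if local in r[0]]
            best = max(cands, key=lambda r: r[0].prefixlen, default=None)
            role = f"routed via {role_of(best[1], nets)}" if best else "unroutable"
        if role != "inside":
            out.append(f"inside-local {local} is {role}, not on an inside subnet")
    return out
```

Calling `check_static_nat(CONFIG, 1149)` with the port named in the post returns two findings: the rule publishes 1194 rather than 1149, and 10.10.10.1 is on no connected subnet, so the only matching route is the default route toward the outside interface.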