Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
0
Helpful
4
Replies

Port fwd question

mstover57616
Level 1
Level 1

‎06-16-2021 12:34 PM

I am a very new to cisco.  I have a little handle on it and will start ccna training in July.  I am a sysadmin at company that is being acquired by another.  We have a UNIFI network and I have a vpn server configured on it.  We are adding an ASA between out internet and the USG with a site to site vpn configured to our new HQ.  Now the WAN public IP is on the ASA and I want it to forward the user VPN traffic to the USG on the inside. I don't think I can just fwd L2TP packets because the site to site VPN uses L2TP as well.  

 

I do have 5 public IPs so I want to have an IP for the site to site & an IP for the users VPN (& security cams).  My question is do I need to use a 2nd interface for the 2nd public IP & then configure all the acls or can I assign the g 0/0 with 2 different IP (like a sub interface) and have it forward to the USG inside the ASA?  I know this is rather trivial but I have been having a hard time finding some direction on this.

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎06-16-2021 01:09 PM

You do not need seconds interface configuration, you need Public IP so you can do port forward.

 

you mean you have L2TP Server and also site to site VPN ?

 

you need  1701 1723 and 500 and 450 allowed in port forward.

 

Look below example :

https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/td-p/769250

https://community.spiceworks.com/topic/584870-l2tp-through-asa-5505-to-microsoft-remote-access-srever

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

mstover57616
Level 1
Level 1
In response to balaji.bandi

‎06-16-2021 01:20 PM

Won't that affect the site-to-site also.  Both VPNs ,the user & the site-to-site are using L2TP.  If i forward the ports used for LT2P, wont it forward traffic coming from the headquarters?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to mstover57616

‎06-16-2021 01:24 PM - edited ‎06-16-2021 01:25 PM

High level You need to use different Public IP address for each service.

 

If i forward the ports used for LT2P, wont it forward traffic coming from the headquarters?

 

Not sure if i understand this correctly?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

mstover57616
Level 1
Level 1
In response to balaji.bandi

‎06-16-2021 01:27 PM

Yes, i understand that.  So 2 different interfaces? ...... or can I assign them both to the g 0/0 where my WAN interface is? Does sub interface work here? 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card