Port fwd question

mstover57616
Beginner

I am very new to Cisco. I have a little handle on it and will start CCNA training in July. I am a sysadmin at a company that is being acquired by another. We have a UniFi network and I have a VPN server configured on it. We are adding an ASA between our internet and the USG, with a site-to-site VPN configured to our new HQ. Now the WAN public IP is on the ASA and I want it to forward the user VPN traffic to the USG on the inside. I don't think I can just forward L2TP packets because the site-to-site VPN uses L2TP as well.


I do have 5 public IPs, so I want to have an IP for the site-to-site and an IP for the user VPN (and security cams). My question is: do I need to use a second interface for the second public IP and then configure all the ACLs, or can I assign g0/0 two different IPs (like a sub-interface) and have it forward to the USG inside the ASA? I know this is rather trivial, but I have been having a hard time finding some direction on this.

4 Replies

balaji.bandi
VIP Community Legend

You do not need a second interface configuration; you need a public IP so you can do port forwarding.


You mean you have an L2TP server and also a site-to-site VPN?


You need 1701, 1723, 500 and 450 allowed in the port forward.


Look at the example below:

https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/td-p/769250

https://community.spiceworks.com/topic/584870-l2tp-through-asa-5505-to-microsoft-remote-access-srever

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Won't that affect the site-to-site also? Both VPNs, the user VPN and the site-to-site, are using L2TP. If I forward the ports used for L2TP, won't it forward traffic coming from the headquarters?

High level: you need to use a different public IP address for each service.


"If I forward the ports used for L2TP, won't it forward traffic coming from the headquarters?"


Not sure if I understand this correctly.

BB

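Added example (not configuration from either poster): what the two replies above come to on an ASA running 8.3 or later. The outside interface keeps its primary address, which is the only address the ASA's own site-to-site IPsec tunnel listens on; a second public address from the same outside subnet is mapped by per-port static NAT to the USG inside the ASA, so no second physical interface or sub-interface is needed. The addressing (203.0.113.8/29 outside, ASA on .10, USG WAN at 192.168.10.2 behind an interface named inside), the object names and the ACL name are assumptions. The example forwards only what an L2TP/IPsec client needs: UDP 500 and 4500 for IKE and NAT-T and UDP 1701 for L2TP.

```cisco
! Outside interface: the primary address is where the ASA terminates its own
! site-to-site tunnel to HQ (assumed addressing).
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.248
!
! Second public address from the same /29, mapped to the USG's WAN address
! (assumed 192.168.10.2). One object per port, so only IKE, NAT-T and L2TP
! are translated; everything else to 203.0.113.11 is dropped.
object network USG-IKE
 host 192.168.10.2
 nat (inside,outside) static 203.0.113.11 service udp 500 500
object network USG-NAT-T
 host 192.168.10.2
 nat (inside,outside) static 203.0.113.11 service udp 4500 4500
object network USG-L2TP
 host 192.168.10.2
 nat (inside,outside) static 203.0.113.11 service udp 1701 1701
!
! From 8.3 on, interface ACLs match the real (untranslated) address.
! Permit only the three mapped ports toward the USG.
access-list OUTSIDE_IN extended permit udp any host 192.168.10.2 eq isakmp
access-list OUTSIDE_IN extended permit udp any host 192.168.10.2 eq 4500
access-list OUTSIDE_IN extended permit udp any host 192.168.10.2 eq 1701
access-group OUTSIDE_IN in interface outside
!
! Checks after applying (the source address is a constructed example):
!   show nat detail
!   show xlate
!   packet-tracer input outside udp 198.51.100.7 60000 203.0.113.11 500
```

The ASA answers ARP for the mapped address on the outside subnet through proxy ARP, so .11 needs no interface of its own. Because the ASA terminates IPsec on the interface address (.10) and the static NAT applies only to .11, HQ's tunnel and the user VPN can both use UDP 500/4500 without colliding. Since the ASA now sits as a NAT device in front of the USG, the L2TP/IPsec peers detect NAT during IKE and move to UDP 4500, which is why that port is mapped alongside 500. Additional services on the same public address, such as the camera ports, get one more object each in the same pattern, with a matching line in the ACL.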

Yes, I understand that. So two different interfaces? Or can I assign them both to g0/0, where my WAN interface is? Does a sub-interface work here?
