bjames
Enthusiast

SA 540 real firewall ports and pass-thru

I am looking to pass thru AH and ESP straight through some SA540's to UC540's for a multi-site configuration. Cisco, can you please tell me if the SA540's will allow configuration of these types of ports and protocols to be passed through them?

Thanks in advance,

Bob James

5 REPLIES
wichilds
Enthusiast

Bob,

The SA series does not do protocol forwarding. It will only do protocol binding and port forwarding. Neither of which will help you accomplish your goal. You should look into using the multisite manager feature of the UC to build your tunnel, and if you need assistance, the SBSC is a good resource in such a situation.

Bill

Thanks Bill

A little disappointed in the product then, I will go back to the ASA (if I can ever get one). Yes, I am aware of the supported design of multi-site, but due to the customer's unique network, a standard multisite design will not work.

Bob James

nmanglik
Cisco Employee

Hi Bob,

To perform a VPN pass through on SA500 to connect to UC540, please apply these 2 rules on the firewall on SA500.

1. From WAN to LAN, under Service -> IKE, Action -> Allow

2. From WAN to LAN, under Service -> IPSec-UDP-ENCAP, Action -> Allow

Thanks.

This counters Bill's comments above. What if I want to do IPSEC over TCP?

Bob

Hi Bob,

To do IPSec over TCP, you will need to add the TCP port as a custom port. On SA500, go to Firewall -> Service and add the rule for the TCP port.

Thanks.