
UDP port forwarding

erloumiguel
Level 1

Hello,

We have a setup of a firewall in between my Cisco 1841 router and Switch.

Cisco Router --> Meraki Firewall--> Switch

Client VPN is configured on the Meraki Firewall, but for outside users to client VPN in to the network, I have to port forward or open ports 500 and 4500 to the IP address of the Meraki Firewall, 192.168.1.90.

I tried to play around with the natting but it was unsuccessful. Please kindly advise.

Here is the sh run

----

M5Router>en
M5Router#sh run
Building configuration...

Current configuration : 746 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname M5Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
ip name-server 165.21.83.88
ip name-server 165.21.100.88
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 dhcp 100
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

----

Thanks for your help.


blau grana
Level 7

Hello Erlou,

Did you try?

ip nat inside source static udp 192.168.1.90 500 interface Fa0/0 500

ip nat inside source static udp 192.168.1.90 4500 interface Fa0/0 4500

Best Regards

Please rate all helpful posts and close solved questions

Jan Rolny
Level 3

Hello,

You will probably need to configure something like below. I am not sure if you can do NAT on an interface where a DHCP IP is configured instead of a static IP.

This translates from inside to outside when using port 80 (HTTP). So all clients from the internet accessing 10.0.0.1 will get a response from the HTTP server inside the network (192.168.1.3).

ip nat inside source static tcp 192.168.1.90 80 10.0.0.1 80

Your configuration puts all inside hosts behind the outside interface IP, which may vary depending on the DHCP lease from your provider.

Regards,

Jan

Jan Rolny
Level 3

Hi,

Blau Grana is right. But be careful when your outside IP changes.

Best Regards,

Jan

Hello,

Thanks.

We have resolved the issue; we just added a static route and it works.

ip route 192.168.2.0 255.255.255.0 192.168.1.90

192.168.2.0 is the client VPN network and the destination is the IP of the Firewall.
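
A small audit for the settings discussed in this thread, as an added example that is not from any of the posters: it parses an IOS running-config, confirms that UDP 500 and 4500 are forwarded to the firewall, lists any other static forwards exposed to the outside, and checks for the route to the client VPN subnet. The function name `audit`, the regular expressions and the sample config (assembled from lines quoted in the thread) are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the NAT and route lines quoted in the thread, including
# the tcp/80 forward from one reply, which the audit should flag as unexpected.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 dhcp 100
ip route 192.168.2.0 255.255.255.0 192.168.1.90
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 192.168.1.90 500 interface Fa0/0 500
ip nat inside source static udp 192.168.1.90 4500 interface Fa0/0 4500
ip nat inside source static tcp 192.168.1.90 80 10.0.0.1 80
"""

# Static port forward: protocol, inside host, inside port, outside port.
NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface \S+|\S+) (\d+)\s*$", re.M)
# Static route with an IP next hop (the "dhcp" default route is skipped).
ROUTE_RE = re.compile(r"^ip route (\d\S+) (\d\S+) (\d+\.\d+\.\d+\.\d+)\s*$", re.M)

def audit(config, firewall, vpn_subnet, wanted=(("udp", 500), ("udp", 4500))):
    """Return (missing forwards, unexpected forwards, VPN route present)."""
    forwards = {(proto, int(gport)): (host, int(lport))
                for proto, host, lport, gport in NAT_RE.findall(config)}
    # A wanted forward counts only if it lands on the firewall, same port.
    missing = [w for w in wanted if forwards.get(w) != (firewall, w[1])]
    # Anything else reachable from outside is extra exposure to review.
    unexpected = sorted(k for k in forwards if k not in wanted)
    vpn = ipaddress.ip_network(vpn_subnet)
    routed = any(
        ipaddress.ip_network(f"{net}/{mask}", strict=False) == vpn and hop == firewall
        for net, mask, hop in ROUTE_RE.findall(config))
    return missing, unexpected, routed

if __name__ == "__main__":
    missing, unexpected, routed = audit(SAMPLE_CONFIG, "192.168.1.90", "192.168.2.0/24")
    print("missing forwards:   ", missing)
    print("unexpected forwards:", unexpected)
    print("VPN return route:   ", routed)
```
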
