Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2812
Views
0
Helpful
4
Replies

How to Port Forward over a VPN?

robertpsitro
Level 1
Level 1

‎05-31-2012 06:57 AM

I one site in NY that is connected via L2L VPN to a data center. I also have one site in LA that is connected via L2L VPN to the same data center. How do I go about port forwading traffic from the NY site to the LA site via the VPN tunnels to the data center?

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎05-31-2012 07:58 PM

What do you mean by port forwarding from NY to LA?

Do you mean to say you would like to access LA site from NY, and vice versa through the VPN tunnel to the data center?

If that is the case, then you can add crypto ACL for those site as follows:

On NY VPN tunnel to Data Center:

- crypto ACL: source: NY subnet, destination: LA subnet

- NAT exemption: source: NY subnet, destination: LA subnet

On LA VPN tunnel to Data Center:

- crypto ACL: source: LA subnet, destination: NY subnet

- NAT exemption: source: LA subnet, destination: NY subnet

On Data Center VPN tunnel to NY:

- crypto ACL: source: LA subnet, destination: NY subnet

On Data Center VPN tunnel to LA:

- crypto ACL: source: NY subnet, destination: LA subnet

If you have ASA on your Data Center, then also add: same-security-traffic permit intra-interface

0 Helpful

robertpsitro
Level 1
Level 1
In response to Jennifer Halim

‎06-01-2012 06:07 AM

if 2 ports are needed for each service in NY adn the same 2 ports in LA could I use port forwarding though?

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to robertpsitro

‎06-01-2012 08:07 PM

Not quite sure by what you mean by 2 ports needed in NY and LA. Can you please explain?

0 Helpful

mikull.kiznozki
Level 1
Level 1

‎06-02-2012 10:18 PM

if my understanding is right you have 2 tunnels.

NY---------L2L--------------DC

LA-----------L2L--------------DC

to route trafffic from NY to LA using the DC ASA do the below:

on the NY to DC L2L configs:

at NY --add the LA network as the remote network in the cry map

at DC -- add the LA network as the local network in the cry map

in the LA to DC L2L configs

at LA --add the NY network as the remote network in the cry map

at DC --add the NY network as the local network in the cry map

if you have no current VPN filters on both the L2L tunnel configs, the traffic from LA will hit NY thru the DC ASA.

PS: your NAT exemptions have to be perfect as well to achieve the above.

HTH

OOpps. didn't see Jen's reply there. I basically repeated what she said. that would do it for you Rob. no other fancy ports you need

0 Helpful
Customers Also Viewed These Support Documents