03-20-2017 09:46 PM
Hello everyone.
I have an ASA5525x with 9.2 IOS. Can I forward the L2TP ports to the DMZ, where I have configured an L2TP server?
03-20-2017 09:56 PM
Is your ASA currently terminating any IPSec traffic?
Is your DMZ using public IP addressing, or do you have a spare public IP address you can assign/NAT to this host?
03-22-2017 10:26 PM
From the local network it is working well. Also, PPTP is working from outside without any problem.
I configured it with the following settings, but it is not working. Maybe I missed some parameters?
object network L2TP-SERVER
 host 1.1.1.1
 nat (dmz,outside) static 46.46.46.35 service udp 1701 1701
object network L2TP-SERVER-500
 host 1.1.1.1
 nat (dmz,outside) static 46.46.46.35 service udp 500 500
object-group network WAN-IP
 network-object host 49.49.49.35
 network-object host 49.49.49.36
access-list OUTSIDE_IN extended permit udp object-group WAN-IP object L2TP-SERVER
access-list OUTSIDE_IN extended permit esp object-group WAN-IP object L2TP-SERVER
policy-map global_policy
 class inspection_default
  inspect ipsec-pass-thru