Posted by Darren Green on July 21, 2006, 2:56 am
> Hi!
>
> I have remote clients at sites with very restrictive firewalls which
> allow only tcp/80 and tcp/443 outbound. I need to enable their
> remote access IPsec VPN clients, and the only way I can think
> of to do this is to 'deploy' an IP address, have their VPN clients
> point to it on tcp/443, instead of the normal port. Then I'd like the
> router, which has a *very* basic configuration, to re-direct traffic
> destined for that address on tcp/443 to the ASA on tcp/10000,
> for example. Is that possible, and if so, how?? A nice, clear
> example would be **greatly** appreciated! TIA!!!
>
> -r
>
Hi,
I have an old config for TFTP that I dug out. Whilst this was on an 837, I am
sure that you could modify it for your own purpose. The important lines were:
ip nat inside source list 110 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 69 interface Dialer0 69
access-list 110 remark Nat list
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
So...I allowed anything from inside to outside to be natted. The 2nd
statement mapped 192.168.1.2 on my LAN range to the Dialer 0 public IP for
TFTP.
The syntax for this command with details on how to specify the port no's is
here:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftnatis.htm
HTH.
Regards
Darren
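
The static port mapping from the reply, adapted to the redirect asked about in the question (public tcp/443 to the ASA on tcp/10000). This is an added example, not part of the original post or a tested config from the thread; the ASA address 192.168.1.10 and the inside interface name Vlan1 are assumptions, and Dialer0 is carried over from the reply.

```cisco
! Added example. Constructed values: 192.168.1.10 (ASA address on the
! router's inside LAN) and Vlan1 (router's inside interface).
! Dialer0 is the public-facing interface used in the reply's config.
interface Vlan1
 ip nat inside
!
interface Dialer0
 ip nat outside
!
! Outbound overload NAT for the LAN, as in the reply.
access-list 110 remark Nat list
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 110 interface Dialer0 overload
!
! Static port translation: tcp/443 arriving at Dialer0's public address
! is rewritten to tcp/10000 on the ASA. The last argument is the public
! (global) port, the one after the inside address is the local port.
ip nat inside source static tcp 192.168.1.10 10000 interface Dialer0 443
!
! Check the mapping and live sessions once a client connects:
!   show ip nat translations
```

The mapping exposes only the single forwarded port on the ASA, and the ASA itself has to be accepting IPsec over TCP on the port the router forwards to.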