
We use OpenVPN in our company to connect external clients with our office network. After setting up the new router, a Cisco ASA 5505, we need to forward the ports for OpenVPN and WWW in order to keep both of these services running.

My understanding is that I need to set up these 5 port forwardings in the firewall to keep the services running:

Outside UDP 443 -> INTERNALIPADDRESS 1194
Outside UDP 1194 -> INTERNALIPADDRESS 1194
Outside TCP 443 -> INTERNALIPADDRESS 1194
Outside TCP 1194 -> INTERNALIPADDRESS 1194
Outside TCP 80 -> INTERNALIPADDRESS 80

Can anyone give me a hint how to configure these translation rules from the CLI? Thanks a lot.

1 Answer

! With this (pre-8.3) static syntax the outside ACL is checked before NAT is undone,
! so the destination is the outside interface address and the outside port.
access-list OUTSIDE_IN extended permit tcp any interface outside eq 443
access-list OUTSIDE_IN extended permit udp any interface outside eq 443
access-list OUTSIDE_IN extended permit tcp any interface outside eq 1194
access-list OUTSIDE_IN extended permit udp any interface outside eq 1194
access-list OUTSIDE_IN extended permit tcp any interface outside eq 80
! Apply the ACL inbound on the outside interface if it is not already applied.
access-group OUTSIDE_IN in interface outside

! Static PAT: outside interface port -> inside host port
static (inside,outside) tcp interface 443 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) udp interface 443 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) tcp interface 1194 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) udp interface 1194 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) tcp interface 80 INTERNALIPADDRESS 80 netmask 255.255.255.255

I think that is what you would need. You might be able to combine the tcp and udp ones to make the list smaller.

evolvd
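Which address and port the outside ACL has to permit depends on the ASA software version: before 8.3 (the version family the `static` syntax above belongs to) the ACL is matched against the mapped address and port, and from 8.3 on against the real inside address and port. The script below is an added example, not part of the question or the answer; it derives the ACL entries for both cases from the five `static` lines, and its function names and the `post_83` flag are made up for illustration.

```python
import re

# The five static PAT lines from the answer, embedded as sample input.
STATICS = """\
static (inside,outside) tcp interface 443 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) udp interface 443 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) tcp interface 1194 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) udp interface 1194 INTERNALIPADDRESS 1194 netmask 255.255.255.255
static (inside,outside) tcp interface 80 INTERNALIPADDRESS 80 netmask 255.255.255.255
"""

# static (real_ifc,mapped_ifc) proto mapped_addr mapped_port real_ip real_port ...
PAT = re.compile(r"static \((\w+),(\w+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
FIELDS = ("real_ifc", "mapped_ifc", "proto", "mapped_addr",
          "mapped_port", "real_ip", "real_port")


def parse_statics(text):
    """Parse pre-8.3 static PAT lines into one dict per forward."""
    rules = []
    for line in text.splitlines():
        m = PAT.match(line.strip())
        if m:
            rules.append(dict(zip(FIELDS, m.groups())))
    return rules


def acl_lines(rules, acl="OUTSIDE_IN", post_83=False):
    """Build the inbound permit entries each forward needs, without duplicates."""
    out = []
    for r in rules:
        if post_83:
            # 8.3+: match the real (inside) address and real port.
            dst = f"host {r['real_ip']} eq {r['real_port']}"
        elif r["mapped_addr"] == "interface":
            # pre-8.3: match the mapped address, here the outside interface itself.
            dst = f"interface {r['mapped_ifc']} eq {r['mapped_port']}"
        else:
            dst = f"host {r['mapped_addr']} eq {r['mapped_port']}"
        line = f"access-list {acl} extended permit {r['proto']} any {dst}"
        if line not in out:
            out.append(line)
    return out


if __name__ == "__main__":
    rules = parse_statics(STATICS)
    print("\n".join(acl_lines(rules)))
    print("\n".join(acl_lines(rules, post_83=True)))
```

On 8.3 and later the result has only three entries, because outside ports 443 and 1194 both arrive at the inside host as port 1194.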