Cisco Port Forwarding for VPN on DMZ

This is a quick drawing of my current setup: http://www.tharo.com/network-20080114.jpg

I just added the VPN firewall. It seems to be working fine. If I put a machine on the 192.168.4.0/24 network, I can access it through the VPN. The problem is, I am not even able to ping the 192.168.4.2 interface on the Cisco router through the VPN (on 192.168.10.0/24). I tried putting a secondary IP on that interface in the 192.168.10.0/24 network, but I am still unable to ping it or access anything through it. Here's my Cisco config. Any ideas what I'm doing wrong?
interface FastEthernet0/0
 description LAN
 ip address 192.168.5.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 duplex auto
 speed auto
 
interface Ethernet1/0
 description DMZ for VPN
 ip address 192.168.4.2 255.255.255.0
 ip nat outside
 full-duplex
 
interface Ethernet1/1
 description Unused
 no ip address
 shutdown
 full-duplex
 
interface Ethernet1/2
 description T1 connection
 ip address 1.2.14.170 255.255.255.240
 ip nat outside
 full-duplex
 
interface Ethernet1/3
 description DSL Backup Connection
 ip address 192.168.7.2 255.255.255.252
 ip nat outside
 full-duplex
 
ip nat inside source route-map DSL interface Ethernet1/3 overload
ip nat inside source route-map T1 interface Ethernet1/2 overload
ip nat inside source static tcp 192.168.5.25 222 192.168.4.2 222 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.3.161
ip route 0.0.0.0 0.0.0.0 192.168.7.1 2
 
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 permit ip any any
route-map DSL permit 10
 match ip address 1
 match interface Ethernet1/3
 
route-map T1 permit 10
 match ip address 1
 match interface Ethernet1/2
Solution: Cisco Port Forwarding for VPN on DMZ

You need to add a static route on your 2600 router to point traffic destined for your VPN client pool (I believe you said 192.168.10.0/24 is the VPN client pool?) to the inside IP address of the VPN firewall. Something like this:

ip route 192.168.10.0 255.255.255.0 192.168.4.1

See if that helps...
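As an added illustration (not part of the original thread), the following script rebuilds the 2600's routing table from the config posted above and performs a longest-prefix-match lookup for the router's echo reply to a VPN client, before and after the static route suggested in the answer. The route table entries, the sample client address 192.168.10.50 and the assumption that 192.168.4.1 is the VPN firewall's inside address are constructed from the thread, not taken from a live router.

```python
import ipaddress

# Routing table reconstructed from the Cisco config in the question:
# the connected network of each interface plus the active default route.
# The floating default via 192.168.7.1 (AD 2) is not installed while the
# AD 1 default is up, so it is left out. Constructed for this example.
ROUTES_BEFORE = {
    "192.168.5.0/24": "FastEthernet0/0 (LAN, connected)",
    "192.168.4.0/24": "Ethernet1/0 (DMZ for VPN, connected)",
    "1.2.14.160/28": "Ethernet1/2 (T1, connected)",
    "192.168.7.0/30": "Ethernet1/3 (DSL, connected)",
    "0.0.0.0/0": "1.2.3.161 (default route, as configured)",
}

# Same table plus the static route proposed in the answer
# (192.168.4.1 assumed to be the VPN firewall's inside address).
ROUTES_AFTER = dict(ROUTES_BEFORE)
ROUTES_AFTER["192.168.10.0/24"] = "192.168.4.1 (VPN firewall inside)"


def lookup(destination, routes):
    """Longest-prefix match: return the next hop of the most specific route."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def reply_path(vpn_client, routes):
    """Where the router sends its echo reply to a VPN client that pinged 192.168.4.2.

    The request arrives through the VPN firewall on Ethernet1/0, but the reply
    is routed independently: without a route for 192.168.10.0/24 it follows the
    default route and never reaches the client. Returns (next_hop, reachable).
    """
    next_hop = lookup(vpn_client, routes)
    return next_hop, next_hop.startswith("192.168.4.1")


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        hop, reachable = reply_path("192.168.10.50", table)
        print(f"{label} the static route: reply -> {hop}; client reachable: {reachable}")
```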