Tek-Tips is the largest IT community on the Internet today!


Port Forwarding from different Sources

Status
Not open for further replies.

bbbmp3 (IS-IT--Management), Sep 13, 2008
We have a Cisco 878 router with a Fortigate 100A behind it. The Cisco creates an IPSEC VPN for a certain application to an industry-based Web portal. What I want to be able to do is create another IPSEC site-to-site VPN between the Fortigate 100A at this site and another Fortigate at another site.
I can do this if I forward UDP 500 and 4500 through the Cisco to the Fortigate, but this stops the Cisco's own VPN as I have explained above.
Is there any way of forwarding ports 500 and 4500 that come from 1 static external IP address, so that the Cisco can use its VPN and 500 & 4500 from the other site can create the Fortigate-to-Fortigate VPN?
 
ip nat inside source static udp (fortinet_inside_ip) 500 int (outside_interface) 500

Same for port 4500. You need a static NAT translation from the public IP to the private and vice-versa.

Burt
 
Doesn't that command forward all traffic on port 500 to the internal address specified?
ip nat inside source static udp 192.168.3.2 500 interface Dialer0 500
I have already removed this as it affects the Cisco's VPN.
I want to forward traffic from only the 1 external static address from the 2nd site through to the Fortigate.
Or would a better option be to forward all ports from the second site to the Fortigate?
 
Either replace this
interface Dialer0 500
with the IP address of the fortinet, or maybe it's like that except with an outside source...
ip nat outside source tcp IP_OF_FORTINET 500 192.168.x.x 500
Something like that---I have never had any reason to use an outside NAT translation...let me research this...at least we now have a foundation on what to research now...

Burt
 
If I do a one-to-one static NAT translation so that all traffic from the external IP of the second site is passed through to the Fortigate, will this work?
 
Hello
The access-list just permits traffic to that inside host. To port forward you will need the below command:

ip nat inside source static tcp 192.168.1.10 143 interface Ethernet1 143

If this doesn't work, try with a basic conf, then once you get it working put the firewall stuff in later. Also make sure your cable modem is forwarding all ports.

Regards
 