I have a site to site VPN connection configured from our PIX 506 (6.3.5) to one of our vendor's VPN concentrators. This VPN was set up for an application. I have been told that the vendor needs specified ports forwarded to our server, LAN IP 192.168.1.1 over the VPN tunnel. How do I do this? Do I just enter a command similar to this:
static (inside,outside) tcp interface 11660 192.168.1.1 11660 netmask 255.255.255.255 0 0
or do I need to do something special since it is over a VPN tunnel. I'm a bit confused about this and any help would be appreciated. I have to perform this work remotely so I want to make sure I don't lock myself out of the PIX. I can only access the PDM remotely...Let me know if I need to provide more info. Thanks.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
I'm a little confused about what the vendor thinks to be honest. They are well aware that the VPN is in place (they were part of the testing). They are telling me that their application is not able to reach its destination on the specified ports...but they can ping. I'm starting to think that I should have created a VPN connection that allowed traffic ONLY to the server. Does this sound right?
It would depend on what you are trying to achieve. Most often you would create site to site VPN, allowing connections to all devices, but it is not mandatory. Regardless site to site would not block any ports on the server.
Is there any chance there is a software firewall, such as the Windows firewall, enabled on the server to which they are trying to connect. That could block their traffic.
Business Accounts
Answer for Membership
by: RobWillPosted on 2007-07-25 at 11:33:15ID: 19568400
As a rule ports are "forwarded" to allow specific traffic to pass through a firewall/router (usually a NAT device - Network Address Translation) to a specific device, such as a web server or remote desktop connection. With a VPN all ports are open and all traffic free to flow between two sites, by default. Assuming no access restrictions have been put in place your servers should be readily available. Are they aware you have a VPN in place, or might they think this is a connection over the public Internet which would require port forwarding rules to access. Or, are they connecting from another location than one end or the other of the VPN tunnel?