FIFBA
asked on
Port forward over VPN tunnel
I have a site to site VPN connection configured from our PIX 506 (6.3.5) to one of our vendor's VPN concentrators. This VPN was set up for an application. I have been told that the vendor needs specified ports forwarded to our server, LAN IP 192.168.1.1 over the VPN tunnel. How do I do this? Do I just enter a command similar to this:
static (inside,outside) tcp interface 11660 192.168.1.1 11660 netmask 255.255.255.255 0 0
or do I need to do something special since it is over a VPN tunnel? I'm a bit confused about this and any help would be appreciated. I have to perform this work remotely so I want to make sure I don't lock myself out of the PIX. I can only access the PDM remotely... Let me know if I need to provide more info. Thanks.
It would depend on what you are trying to achieve. Most often you would create a site-to-site VPN allowing connections to all devices, but it is not mandatory. Regardless, site-to-site would not block any ports on the server.
Is there any chance there is a software firewall, such as the Windows firewall, enabled on the server to which they are trying to connect? That could block their traffic.
ASKER
Windows firewall is not on but I have just discovered I cannot telnet to the required port on the server over the VPN. Do you have any ideas on how to determine what could be the problem? Thanks for the help so far...
ASKER
I'm starting to think the vendor did not set up the application properly and that the application is not using the specified ports... I can telnet to all well-known services over the VPN. Thanks again for the help...
Sounds good. May be an error on their part as you say.
Thanks FIFBA.
Cheers!
--Rob