FIFBA

Port forward over VPN tunnel

I have a site to site VPN connection configured from our PIX 506 (6.3.5) to one of our vendor's VPN concentrators.  This VPN was set up for an application. I have been told that the vendor needs specified ports forwarded to our server, LAN IP 192.168.1.1 over the VPN tunnel. How do I do this? Do I just enter a command similar to this:
 static (inside,outside) tcp interface 11660 192.168.1.1 11660 netmask 255.255.255.255 0 0
or do I need to do something special since it is over a VPN tunnel? I'm a bit confused about this and any help would be appreciated. I have to perform this work remotely so I want to make sure I don't lock myself out of the PIX. I can only access the PDM remotely... Let me know if I need to provide more info. Thanks.
ASKER CERTIFIED SOLUTION
Rob Williams
FIFBA

ASKER

I'm a little confused about what the vendor thinks to be honest. They are well aware that the VPN is in place (they were part of the testing). They are telling me that their application is not able to reach its destination on the specified ports...but they can ping. I'm starting to think that I should have created a VPN connection that allowed traffic ONLY to the server. Does this sound right?
It would depend on what you are trying to achieve. Most often you would create a site to site VPN, allowing connections to all devices, but it is not mandatory. Regardless, site to site would not block any ports on the server.

Is there any chance there is a software firewall, such as the Windows firewall, enabled on the server to which they are trying to connect? That could block their traffic.
FIFBA

ASKER

Windows firewall is not on but I have just discovered I cannot telnet to the required port on the server over the VPN. Do you have any ideas on how to determine what could be the problem? Thanks for the help so far...
FIFBA

ASKER

I'm starting to think the vendor did not set up the application properly and that the application is not using the specified ports... I can telnet to all well known services over VPN. Thanks again for the help...
Sounds good. May be an error on their part as you say.
Thanks FIFBA.
Cheers!
--Rob
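
The symptom discussed in this thread (ping works through the tunnel, telnet to the application port does not) is easier to narrow down once you know whether the connection is refused or silently dropped. The following is an added example, not part of the original thread: the function names and the interpretations in `MEANING` are this example's own, and the default host and port are the ones quoted in the question.

```python
import socket
import sys

# Interpretation of each outcome, assuming ICMP ping to the server already
# works through the tunnel (wording added for this example, not from the thread).
MEANING = {
    "open": "a service accepted the connection; the port is reachable",
    "refused": "the host (or a device on the path) answered with a reset: "
               "traffic gets through, but nothing is listening on this port",
    "timeout": "no reply at all: an ACL, packet filter or host firewall "
               "is silently dropping traffic to this port",
    "unreachable": "the OS reported no route to the host or network, "
                   "or another socket error",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify how it ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"
    finally:
        sock.close()


def compare_ports(host, ports, timeout=3.0):
    """Probe several ports so the failing one can be set beside a known-good one."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Defaults: the server address and application port quoted in the question.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    ports = [int(p) for p in sys.argv[2:]] or [11660]
    for port, state in compare_ports(host, ports).items():
        print(f"{host}:{port} {state} - {MEANING[state]}")
```

Run from the far side of the tunnel with the application port and one port known to work, for example `python probe.py 192.168.1.1 11660 3389` (the script name and the second port are placeholders). A `refused` result next to an `open` one points at the service on the server, while a `timeout` points at filtering on the path.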