Cisco ASA IPSec VPN - Is port forwarding needed?
Posted on 2014-12-17
I have a Cisco ASA 5525 which serves only to provide IPSec VPN services to an outside business client. There is one tunnel and all traffic is allowed. The external interface of the ASA has a private IP address on it. We have a router connected to the ISP that NAT's it's public IP to the ASA's external interface. So the firewall's external interface appears as this ISP public IP.
The client needs to access hardware devices on the ASA's internal interface (192.168.97.0/24). These hardware devices listen on port 5015. The client cannot connect to the devices using the 192.168.97.x addresses across the VPN tunnel. Do I need to do some sort of port forwarding (NAT) from the external ISP address to the ASA's internal network? Shouldn't the client be able to see the hardware devices on the ASA's internal interface and access them via their private IP addresses? (We can access their servers across the VPN going the other way even though they have 10.x.x.x addresses)
Hopefully I'm not making this sound more complicated than it is. Please feel free to ask clarifying questions.
I really need to solve this problem ASAP so thanks in advance for your assistance!!