cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dtown
New Contributor

Port forward traffic from internet over vpn tunnel

I have an existing ipsec vpn tunnel setup between two sites using Netvanta 3458 routers. How  can I port forward traffic from one site to the other over the vpn tunnel?

Site A      ext IP: 1.2.3.4, int IP: 192.168.1.1

Site B:     ext IP: 2.3.4.5, int IP: 192.168.2.1

Site B server:     192.168.2.2

Traffic flows without problems between 192.168.1.0 and 192.168.2.0 subnets and I can forward the traffic entering on Site A's external IP to any server in Site A without problems.

But I would like to forward all traffic on port 443 coming in on Site A's external IP (1.2.3.4) over the vpn tunnel to the site B server (192.168.2.2), I've tried creating a policy on Site A's router to forward port 443 directly to the Site B server at 192.168.2.2. I've tried creating a policy on Site A's router to forward port 443 to the Site B router's internal IP (192.168.2.1) and then setting a policy on Site B's router to forward all traffic to the Site B server. Neither of those worked.

Any help would be appreciated.

Labels (3)
0 Kudos
1 Reply
Anonymous
Not applicable

Re: Port forward traffic from internet over vpn tunnel

Suki,

Thanks for posting your question on the forum!

First, you will need to modify the VPN selectors to reflect traffic that will be sourced from the internet on port 443 and destined for the site B server (192.168.2.2). This will allow this traffic to traverse the VPN tunnel.

Site A:

permit tcp any host 192.168.2.2 eq 443

Site B:

permit tcp host 192.168.2.2 eq 443 any

On Site A, you will then need to modify the access-policy assigned to the WAN interface so that the port-forward can take place:

ip access-list ext PortFwd

    permit tcp any host 1.2.3.4 eq 443

ip policy-class WAN

    nat destination list PortFwd address 192.168.2.2

I have not seen your configuration, but you will want to be careful about the order of the rules on the WAN policy-class to be sure that is not ignored due to a rule listed above it.

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor