FreeBSD to Cisco ASA 5505 VPN Connection

Chuck Swiger cswiger at
Wed Feb 17 23:18:05 UTC 2010


On Feb 17, 2010, at 3:06 PM, Bill Tillman wrote:
> The tech told me that I need to forward ports 500 and 4500 with my FreeBSD router to the small VPN router inside my LAN. That's simple enought but then he tells me I need to redirect all EPS and all AH traffic as well. I guess this is where FreeBSD+NATD+IPFW hits the wall when working with Cisco or is it? I gotta believe this can work but I don't know how the heck to do it and the tech at our IT consultant is totally lost when it comes to anything besides Cisco equipment.
> Has anyone got a suggestion on how to do a port redirect with natd to pickup these EPS and AH packets. I added some new lines to my /etc/natd.conf file and the AH part seemed ok but the console screen immediately said what the heck is EPS. And worse it did not work. Only when I put the VPN router outside of my existing router does this setup work. I really want to keep this thing inside my LAN or even better would be how do I get my existing router to work as a VPN on it's own?

When I was dealing with the Cisco VPN client, I was doing so with IPFW+natd and you need 500/udp, 4500/udp, 62515/udp, 1723/tcp, 10000/tcp, and the GRE protocol.  In my case, /etc/natd.conf contained:

punch_fw 10000:100
redirect_proto gre
redirect_port udp 500
redirect_port udp 4500
redirect_port udp 62515
redirect_port tcp 10000
redirect_port tcp pptp send the traffic to a VPN endpoint located at IP


More information about the freebsd-questions mailing list