https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231615#M874913 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>How is ASA nat-ed through router? How many public ip's do you have?</P><P></P><P>If there is only one public ip that you should do port mapping and map UDP ports 500 and 4500 from asa to public ip. If there are more then one public ip then you can do one to one nat and then it should work if there are no access-lists.</P><P></P><P>OK?</P></BODY></HTML> Tue, 17 Mar 2009 18:49:01 GMT veljko.tasic 2009-03-17T18:49:01Z https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231614#M874910 <P>Hi all,</P><P>here it's my scenario:</P><P></P><P>Cisco VPNClient--&gt; INET --&gt; Cisco 877 --&gt;ASA 5520.</P><P></P><P>And I can't connect with the ASA.</P><P></P><P>I make a test with this scenario:</P><P></P><P>Cisco VPNClient--&gt;ASA 5520. and the VPN works.</P><P></P><P>I think the problem it's on the router ¿what ports must I open ? (or what aditional config)</P><P></P><P>thanks in advance</P><P></P> Mon, 11 Mar 2019 15:06:03 GMT https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231614#M874910 carlosjlopez 2019-03-11T15:06:03Z https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231615#M874913 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>How is ASA nat-ed through router? How many public ip's do you have?</P><P></P><P>If there is only one public ip that you should do port mapping and map UDP ports 500 and 4500 from asa to public ip. If there are more then one public ip then you can do one to one nat and then it should work if there are no access-lists.</P><P></P><P>OK?</P></BODY></HTML> Tue, 17 Mar 2009 18:49:01 GMT https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231615#M874913 veljko.tasic 2009-03-17T18:49:01Z https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231616#M874915 <HTML><HEAD></HEAD><BODY><P>Hi tasic,</P><P>I only have one public IP, and I map 500 and 4500 UDP ports to the ASA from router.</P><P></P><P>ip nat inside source static udp 1XX.XX.XX.1 500 interface ATM0.1 500</P><P>ip nat inside source static udp 1XX.XX.XX.1 4500 interface ATM0.1 4500</P><P>(where 1XX.XX.XX.1 is ASA IP)</P><P></P><P>but nothing happens it says:</P><P></P><P>Reason 412: The remote peer is no longer responding</P></BODY></HTML> Wed, 18 Mar 2009 09:36:31 GMT https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231616#M874915 carlosjlopez 2009-03-18T09:36:31Z https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231617#M874919 <HTML><HEAD></HEAD><BODY><P>Do you have access-list on router outside interface?</P><P></P><P>You should add to asa</P><P>crypto isakmp nat-traversal 20</P><P></P><P>After that you should start troubleshooting to see what is happening. That is maximum from my side without configs.</P><P></P><P></P></BODY></HTML> Wed, 18 Mar 2009 10:29:32 GMT https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231617#M874919 veljko.tasic 2009-03-18T10:29:32Z https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231618#M874923 <HTML><HEAD></HEAD><BODY><P>Hi again</P><P></P><P>I tried with crypto isakmp nat-traversal 20 but nothing happens, I think that my problem is in the router side.</P><P></P><P>here is my router config:</P><P></P><P>in my ATM:</P><P>ip nat inside</P><P></P><P>and my nat rules are:</P><P>ip nat inside source static udp X.X.20.1 500 interface ATM0.1 500</P><P>ip nat inside source static udp X.X.20.1 4500 interface ATM0.1 4500</P><P>ip nat inside source static udp X.X.20.1 10000 interface ATM0.1 10000</P><P>ip nat inside source static udp X.X.20.1 62515 interface ATM0.1 62515</P><P>ip nat inside source static tcp X.X.20.1 10000 interface ATM0.1 10000</P><P>ip nat inside source static esp X.X.20.1 interface ATM0.1</P><P></P><P>where X.X.20.1 is my ASA</P><P></P><P>or maybe my problem is in cisco VPN client configuration:</P><P></P><P>I selected in transport tab:</P><P>Enable Transparent tunneling and IPSEC over UDP</P><P></P><P></P><P></P></BODY></HTML> Tue, 24 Mar 2009 10:45:31 GMT https://community.cisco.com/t5/network-security/cisco-vpn-client-with-asa-behind-router/m-p/1231618#M874923 carlosjlopez 2009-03-24T10:45:31Z