06-23-2008 05:15 AM - edited 03-11-2019 06:02 AM
Hi
I am trying to migrate to an ASA5505 from our PIX.
Most of our network uses PAT on our outside interface, but I have a small pool of addresses which I NAT to on the inside, and when I do this they are unable to VPN out to remote sites.
This worked great on the Pix but not on the ASA. I can see port udp 500 coming back to the client but port udp 4500 disappears on its return journey between the two ASA interfaces.
Regards
Chris
06-23-2008 07:47 AM
Chris-
Do you check sysopt?
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution12
06-23-2008 08:03 AM
Hi
This is not a connection to the ASA. But a connection through it whilst using a NAT'd IP.
I have assigned a NAT to a PC on the inside of the ASA, but when the PC opens a Cisco VPN client and tries to connect to a remote Cisco firewall the user is unable to connect. When he uses a PAT'd address it works fine.
Thanks
06-23-2008 09:20 AM
hello,
What is the IP of your PC accordingly your configuration file ?
regards
06-23-2008 09:42 AM
Hi
The PC is 10.2.200.80
The old Pix line used to be
static (inside,outside) 10.2.254.80 10.2.200.80 netmask 255.255.255.240
for sixteen addresses.
I have just got it to work by using the following two lines
global (outside) 2 10.2.254.80
nat (inside) 2 10.2.200.80 255.255.255.255
I can't believe the above (times sixteen), i.e. 32 lines instead of just 1 line, is the only way to get it working.
Thanks
06-23-2008 09:52 AM
Your configuration (with global) is a dynamic NAT, so it's unidirectional, while static is bidirectional.
Did you change something in the client configuration?
What are the client parameters?
06-23-2008 09:54 AM
I meant that this NAT configuration could determine the behavior of the server side by using NAT traversal or not.
06-24-2008 12:08 AM
I have done the isakmp nat-traversal, but it did not make any difference.
06-24-2008 12:05 AM
The client is default; group name, password and IP
06-24-2008 01:47 AM
Hi Chris,
When you added this line to the ASA, it didn't work? 'static (inside,outside) 10.2.254.80 10.2.200.80 netmask 255.255.255.240'
B.Regards.
06-24-2008 02:06 AM
Hi
It did work. I checked whatsmyip to confirm it was translating ok.
I can see udp 500 coming back to the client but udp 4500 only gets back as far as the outside interface but never exits the internal interface to reach the client.
So the NAT is definitely working, but it just does not pass back the udp 4500.
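Added example, not from any poster in this thread: the two NAT forms discussed above (the one-line static for the /28 from the old PIX, and the per-host global/nat pair Chris ended up with) written in the same pre-8.3 ASA syntax, followed by the checks a practitioner would run to see where the UDP/4500 return leg is dropped. The remote peer address 203.0.113.10 is a constructed placeholder; everything else is taken from the thread.

```cisco
! --- Option A: one static for the whole /28 pool (bidirectional), as on the PIX ---
static (inside,outside) 10.2.254.80 10.2.200.80 netmask 255.255.255.240

! --- Option B: per-host dynamic NAT (unidirectional, one pair per host) ---
! Only the first of the sixteen pairs is shown; the others follow the same pattern.
global (outside) 2 10.2.254.80
nat (inside) 2 10.2.200.80 255.255.255.255

! NAT-T so the client's ESP is carried inside UDP/4500 across the translation
! (keepalive interval 20 s is the ASA default).
crypto isakmp nat-traversal 20

! --- Checks: trace the inbound UDP/4500 packet from the remote peer
! (203.0.113.10, constructed) toward the translated address, then confirm
! the translation and the connection entries the client's IKE exchange created ---
packet-tracer input outside udp 203.0.113.10 4500 10.2.254.80 4500 detailed
show xlate | include 10.2.200.80
show conn | include 4500
```

The packet-tracer output names the phase (NAT, ACCESS-LIST, or flow lookup) that drops the packet, which tells you whether the static translation or a missing connection entry is to blame for UDP/4500 never leaving the inside interface.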