Cisco VPN client with ASA behind Router

carlosjlopez
Level 1

Hi all,

Here is my scenario:

Cisco VPNClient--> INET --> Cisco 877 -->ASA 5520.

And I can't connect with the ASA.

I made a test with this scenario:

Cisco VPNClient-->ASA 5520. and the VPN works.

I think the problem is on the router. What ports must I open? (Or what additional config?)

Thanks in advance

4 Replies

veljko.tasic
Level 1

Hi,

How is the ASA NAT-ed through the router? How many public IPs do you have?

If there is only one public IP, then you should do port mapping and map UDP ports 500 and 4500 from the ASA to the public IP. If there is more than one public IP, then you can do one-to-one NAT and then it should work if there are no access-lists.

OK?

Hi tasic,

I only have one public IP, and I map UDP ports 500 and 4500 to the ASA from the router.

ip nat inside source static udp 1XX.XX.XX.1 500 interface ATM0.1 500

ip nat inside source static udp 1XX.XX.XX.1 4500 interface ATM0.1 4500

(where 1XX.XX.XX.1 is the ASA IP)

but nothing happens; it says:

Reason 412: The remote peer is no longer responding

Do you have an access-list on the router's outside interface?

You should add to the ASA:

crypto isakmp nat-traversal 20

After that you should start troubleshooting to see what is happening. That is the maximum from my side without configs.

Hi again

I tried with crypto isakmp nat-traversal 20 but nothing happens. I think that my problem is on the router side.

Here is my router config:

On my ATM interface:

ip nat inside

and my nat rules are:

ip nat inside source static udp X.X.20.1 500 interface ATM0.1 500

ip nat inside source static udp X.X.20.1 4500 interface ATM0.1 4500

ip nat inside source static udp X.X.20.1 10000 interface ATM0.1 10000

ip nat inside source static udp X.X.20.1 62515 interface ATM0.1 62515

ip nat inside source static tcp X.X.20.1 10000 interface ATM0.1 10000

ip nat inside source static esp X.X.20.1 interface ATM0.1

where X.X.20.1 is my ASA

Or maybe my problem is in the Cisco VPN client configuration:

I selected in the Transport tab:

Enable Transparent tunneling and IPSEC over UDP
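
An added example, not part of any post in this thread: a small Python lint for a router config of the kind quoted above. It checks that UDP 500 (IKE) and UDP 4500 (NAT-T) are forwarded to the same inside host and that the interface named in the static rules carries `ip nat outside`, which IOS needs before it translates inbound traffic. The sample config is constructed; `10.0.20.1` and `Vlan1` are placeholder assumptions.

```python
import re

# Constructed sample modelled on the rules quoted in the thread. 10.0.20.1 and
# Vlan1 are placeholders (assumptions), not values from the poster's router.
SAMPLE = """\
interface Vlan1
 ip nat inside
!
interface ATM0.1
 ip nat inside
!
ip nat inside source static udp 10.0.20.1 500 interface ATM0.1 500
ip nat inside source static udp 10.0.20.1 4500 interface ATM0.1 4500
ip nat inside source static esp 10.0.20.1 interface ATM0.1
"""

RULE = re.compile(r"^ip nat inside source static (\w+) (\S+)(?: (\d+))? "
                  r"interface (\S+)(?: (\d+))?\s*$")

def parse(config):
    """Return ({interface: 'inside'|'outside'}, [(proto, host, lport, iface, gport)])."""
    roles, rules, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and line.strip() in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
        elif not line.startswith(" "):
            current = None            # left the interface block
            m = RULE.match(line)
            if m:
                rules.append(m.groups())
    return roles, rules

def audit(config):
    """List problems that would stop IKE/NAT-T reaching the VPN gateway."""
    roles, rules = parse(config)
    forwards = {(proto, gport): host for proto, host, _, _, gport in rules}
    ike, natt = forwards.get(("udp", "500")), forwards.get(("udp", "4500"))
    findings = []
    if ike is None:
        findings.append("UDP 500 (IKE) is not forwarded")
    if natt is None:
        findings.append("UDP 4500 (NAT-T) is not forwarded")
    if ike and natt and ike != natt:
        findings.append("UDP 500 and 4500 are forwarded to different hosts")
    for iface in sorted({r[3] for r in rules}):
        if roles.get(iface) != "outside":
            findings.append(f"{iface} is the translated interface but lacks 'ip nat outside'")
    return findings
```

Calling `audit(SAMPLE)` returns one finding for `ATM0.1`; the same config with `ip nat outside` on that interface returns an empty list.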
