03-17-2009 04:04 AM - edited 03-11-2019 08:06 AM
Hi all,
here is my scenario:
Cisco VPNClient--> INET --> Cisco 877 -->ASA 5520.
And I can't connect with the ASA.
I made a test with this scenario:
Cisco VPNClient-->ASA 5520. And the VPN works.
I think the problem is on the router. What ports must I open? (Or what additional config?)
thanks in advance
03-17-2009 11:49 AM
Hi,
How is the ASA NAT-ed through the router? How many public IPs do you have?
If there is only one public IP, then you should do port mapping and map UDP ports 500 and 4500 from the ASA to the public IP. If there is more than one public IP, then you can do one-to-one NAT, and then it should work if there are no access-lists.
OK?
03-18-2009 02:36 AM
Hi tasic,
I only have one public IP, and I map the 500 and 4500 UDP ports to the ASA from the router.
ip nat inside source static udp 1XX.XX.XX.1 500 interface ATM0.1 500
ip nat inside source static udp 1XX.XX.XX.1 4500 interface ATM0.1 4500
(where 1XX.XX.XX.1 is ASA IP)
but nothing happens; it says:
Reason 412: The remote peer is no longer responding
03-18-2009 03:29 AM
Do you have an access-list on the router's outside interface?
You should add to the ASA:
crypto isakmp nat-traversal 20
After that, you should start troubleshooting to see what is happening. That is the maximum from my side without configs.
03-24-2009 03:45 AM
Hi again
I tried with crypto isakmp nat-traversal 20 but nothing happens. I think that my problem is on the router side.
here is my router config:
in my ATM:
ip nat inside
and my nat rules are:
ip nat inside source static udp X.X.20.1 500 interface ATM0.1 500
ip nat inside source static udp X.X.20.1 4500 interface ATM0.1 4500
ip nat inside source static udp X.X.20.1 10000 interface ATM0.1 10000
ip nat inside source static udp X.X.20.1 62515 interface ATM0.1 62515
ip nat inside source static tcp X.X.20.1 10000 interface ATM0.1 10000
ip nat inside source static esp X.X.20.1 interface ATM0.1
where X.X.20.1 is my ASA
or maybe my problem is in cisco VPN client configuration:
I selected in transport tab:
Enable Transparent tunneling and IPSEC over UDP
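
An added example (not part of the thread and not Cisco code): a Python check that reads a router configuration and reports whether UDP 500 and 4500 are statically mapped to the ASA, and whether the interface named in those rules is marked "ip nat outside", which static port mapping on IOS requires. ATM0.1 is the interface name from the posts; the address 10.0.20.1 and the interface Vlan1 are constructed placeholders.

```python
import re

# IKE (UDP 500) and NAT-T (UDP 4500): the two ports the thread says to map.
REQUIRED = [("udp", 500), ("udp", 4500)]
RULE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def audit(config, asa_ip):
    """Return a list of findings for static PAT of IPsec ports to asa_ip."""
    roles, forwarded, wan_ifs, current = {}, set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # a top-level command closes any interface block
            current = line.split()[1] if line.startswith("interface ") else None
            m = RULE.match(line)
            # Count a rule only if it targets the ASA and keeps the port number.
            if m and m.group(2) == asa_ip and m.group(3) == m.group(5):
                forwarded.add((m.group(1), int(m.group(5))))
                wan_ifs.add(m.group(4))
        elif current and line in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    findings = [f"{p}/{n} is not forwarded to {asa_ip}"
                for p, n in REQUIRED if (p, n) not in forwarded]
    for ifname in sorted(wan_ifs):
        role = roles.get(ifname, "unset")
        if role != "outside":
            findings.append(f"{ifname} is NAT {role}; the interface named "
                            "in the rule must be 'ip nat outside'")
    return findings

# Constructed sample: 10.0.20.1 and Vlan1 are placeholders, not from the thread.
SAMPLE = """\
interface Vlan1
 ip nat inside
!
interface ATM0.1 point-to-point
 ip nat inside
!
ip nat inside source static udp 10.0.20.1 500 interface ATM0.1 500
ip nat inside source static udp 10.0.20.1 4500 interface ATM0.1 4500
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.0.20.1"):
        print(finding)
```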