08-22-2007 06:49 AM - edited 03-11-2019 04:01 AM
HI,
Does anyone know whats going on here? One of the clients on the network launches a cisco vpn client to an external resource and the client connects and is authenticated but no traffic passes.
PAT is in use on the outside interface.
I have enabled nat traversal and sysopt connection permit-ipsec.
Thanks
08-22-2007 07:06 AM
Hi, it is not you but the owner of the remote vpn server that has to enable nat traversal as it is part of the IKE negotiation between the IPSec peers.
Regards,
/Mattias
08-22-2007 07:38 AM
HI thanks for the response.
I have recently replaced a Sonicwall with an ASA and the connection worked fine through the Sonicwall.
Any ideas?
08-22-2007 07:50 AM
If you only have one client on your LAN you can use IPSec passthrough which is not enabled by default.
In ASA I think the command is inspect ipsec-pass-thru.
A sonicwall has probably all features enabled by default, wouldn't suprise me.
08-23-2007 12:46 AM
HI,
When the vpn was established from the client I got the following warnings on the ASA:
regular translation creation failed for protocol 50 src inside:192.X.X.X. dst outside:159.X.X.X
Its related to PAT so I went and put in a static entry for the client so it nats out to its own Public IP and hey presto it worked.
Thanks for your help
08-23-2007 05:12 AM
Right -
This is usually set on the Remote server end.
The option - IKE over TCP & Port number is available in the client. there is a UDP option also for this.
The default port for cisco is 10000.
you can find this by inititing a session form the client & typing the following command
show conn local ( ip of the client )
it will show you the connections
08-23-2007 05:14 AM
Hello there, you might want to have a look at this article that explains that you need to create an ACL with ACE in the new verison 8.0 of the ASA IOS to get the traffic flowing!
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide