Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
0
Helpful
2
Replies

NAT on ASA not working, leading to Clientless VPN failing

Go to solution
stuart-hill
Level 1
Level 1

‎05-16-2012 06:42 AM - edited ‎03-11-2019 04:07 PM

Cisco Adaptive Security Appliance Software Version 8.3(1)

Device Manager Version 6.3(1)

I have a Cisco ASA5520 that I have setup to allow a GRE tunnel through from a router at site B. This all works fine when I use the below NAT with associated router object on the inside

object network SWTEST

nat (inside,outside) static interface

My problem comes in that this kills off my Cleintless VPN connection to the same firewall, I changed my NAT to point at another of my statically assigned IP addresses, and then nothing works. Can anyone help with what I've done wrong, or what i should do? My rule base allows any GRE in from the source, and rules all look fine

I'm guessing that I should do the below, but it doesn't work

object network SWTEST

nat (inside,outside) static 195.224.23.23

Thanks alot

Stuart

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-16-2012 11:53 AM

Hello Stuart,

Did you clear the xlate table, conn table and the local-host table after making the changes

Configuration looks fine, please do a packet tracer like this:

packet-tracer input outside tcp 4.2.2.2 1025 195.224.23.23 80

I think our next step would be to do captures.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-16-2012 11:53 AM

Hello Stuart,

Did you clear the xlate table, conn table and the local-host table after making the changes

Configuration looks fine, please do a packet tracer like this:

packet-tracer input outside tcp 4.2.2.2 1025 195.224.23.23 80

I think our next step would be to do captures.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
stuart-hill
Level 1
Level 1
In response to Julio Carvajal

‎05-31-2012 04:06 AM

Hi jcarvaja,

That worked. Clearing the tables was succesful. Thanks alot for your help on this. Sorry it's taken a while to get back to you.

Stuart

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card