Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2855
Views
0
Helpful
1
Replies

Setup of IPSec Passthrough

jialoh
Beginner
Beginner

‎03-29-2012 01:21 AM - edited ‎03-11-2019 03:48 PM

Hi All,

I would like to get some help on IPSec Passthrough on an ASA 5520, with version 8.3, and ASDM 6.3. Currently I have a requirement for users in my internal network (10.10.249.128 / 25) to be able to connect to external IPSec VPN servers.

So I created a network object with 10.10.249.128 / 25, and used dynamic PAT to translate the source ip address to the external internet facing outside interface:

29-Mar-12 4-09-43 PM.png

I then added the following rules on the inside-in ACL:

However troubleshooting shows that isakmp is passing through the firewall, but esp and ah is not.

For isakmp:

29-Mar-12 4-15-05 PM.png

For ESP:

29-Mar-12 4-17-21 PM.png

Seems like the nat rule is drawing my ESP traffic, can any one point me in the correct direction?

Kind Regards,

Jia Wei

Labels:
0 Helpful
1 Reply 1

Jouni Forss
Mentor
Mentor

‎03-29-2012 02:17 AM

Hi,

Have you tried an actual VPN Client connection through the ASA from the guest network? Or is the problem only based on testing this thing with packet-tracer on ASDM side?

I dont remember ever opening ESP/HA for Cisco VPN Client traffic

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents