N3t-Guy
Beginner

VPN passthrough ASA?

Hello,

 

A vendor is trying to set up a site to site to site VPN connection from their network to an internal router on our network. They have a Juniper router on each side with our ASA in between. I have set up a public IP that is NATed to the IP address of the Juniper device inside our network. I've also set up an ACL allowing the two public IPs they will be coming from and allowing UDP 500, 4500, TCP 22 and ESP. They are unable to get the tunnel to come up, and I believe it may have to do with NAT traversal, but I'm not sure what I need to do to enable the traffic to pass through. I've also tried it without the ACL and with an ACL that allows Any, just for testing. Our ASA is a 5515-X.

 

Any help would be appreciated!!

2 REPLIES
balaji.bandi
VIP Expert

Here is the information on passing VPN pass-through via the ASA:

 

https://www.petenetlive.com/KB/Article/0001428

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/inspect.html#wp1522169

 



BB


*** Rate All Helpful Responses ***

vsurresh
Beginner

To me, it looks like you did all the work on the ASA. As long as the NAT is correctly configured, there shouldn't be an issue. Did the vendor check the logs on the Juniper? You can also do a packet capture on the ASA interface facing the internal router and provide it to the vendor.

 

Regards

Suresh
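The packet capture suggested in the reply above, written out as an added example that is not part of the original thread: it captures on both ASA interfaces to show whether the UDP 500, UDP 4500 and ESP traffic from the question reaches the firewall, gets translated and is forwarded. The interface names `inside` and `outside`, the capture names, and all addresses (documentation and private ranges) are assumptions; substitute your own.

```cisco
! Constructed sample values (assumptions, not from the thread):
!   198.51.100.10  vendor's remote Juniper peer (public)
!   203.0.113.20   public IP on the ASA that is NATed to the internal Juniper
!   10.10.10.5     real (inside) address of the internal Juniper

! Outside interface: inbound packets still carry the public (pre-NAT) destination.
! "match ip" between the two hosts covers UDP 500, UDP 4500 and ESP in both directions.
capture CAP-OUT interface outside match ip host 198.51.100.10 host 203.0.113.20

! Inside interface: the same flow after translation to the real address.
capture CAP-IN interface inside match ip host 198.51.100.10 host 10.10.10.5

! Record packets the ASA itself drops, with the drop reason.
capture CAP-DROP type asp-drop all

! Have the vendor retry the tunnel, then compare the captures:
!   packets in CAP-OUT but not in CAP-IN -> the ASA is dropping or not translating them
!   requests in CAP-IN with no replies    -> the internal Juniper is not answering
!   nothing in CAP-OUT                    -> the traffic never reaches the ASA
show capture CAP-OUT
show capture CAP-IN
show capture CAP-DROP | include 198.51.100.10

! Simulate the first IKE packet to see which NAT rule and ACL entry it hits.
packet-tracer input outside udp 198.51.100.10 500 203.0.113.20 500 detailed

! Export a pcap for the vendor (TFTP server address is a placeholder).
copy /pcap capture:CAP-IN tftp://<tftp-server>/cap-in.pcap

! Remove the captures when finished.
no capture CAP-OUT
no capture CAP-IN
no capture CAP-DROP
```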
