12-16-2012 02:48 PM - edited 03-04-2019 06:25 PM
Hi friends,
I have a client who has just put in an ASR 1001 on the Internet edge and is doing a basic NAT overload.
Everything goes fine until they try to VPN to a server on the Internet. That's when the VPN login never happens. This is the basic Windows VPN they are using.
If they use a public range in the LAN and go without NAT, the VPN works. When we then check the same public range with NATing on, it doesn't work.
The flow of the packets is like this:
LAN -> Firewall -> ASR -> Internet
When we look at the NAT translation table on the router, it does show the entry for the host that tries to go out. There is no ACL on the router blocking. Where could the issue be?
Any suggestions?
Regards,
Mohit
01-15-2013 08:29 AM
Hello Mohit,
Were you able to resolve this issue? I am experiencing the same issue with ASR1002...
Thanks,
J Kent
01-16-2013 05:13 PM
I had to open a case with Cisco TAC. There was no config issue with the ASR. It's just with the XOS which does support this feature. It was the same with IOS devices, and later Cisco released a version which fixed that issue.
The same is expected for XOS with release 3.9, expected to be released in March this year.
The temporary workaround is using static one-to-one NAT, but obviously if you have lots of inside users, that would need that many public addresses.
Hope the above helps!
01-17-2013 08:20 AM
Thank you Mohit. That was not the answer I was hoping for, but at least I have a temporary work-around.
Once again, thank you for the reply.