Hi!
I've been thinking of a situation that I will face in the near future that I don't know how to solve.
I have configured a IOS Easy VPN Client to allow customers' to connect to our Project/Test network. To each customer we send a pre-configured ASA5505, acting VPN Client, to establish the tunnel.
However, there will be some problems managing that ASA5505 if the customer have a NAT device set between us and them, let me explain.
If there are no NAT device between the VPN Server and Client, I will be able to see the outside IP of the client when doing the "sh crypto isakmp sa"-command. And from that, I can use ASDM to connect to that IP.
However if there is a NAT device between the VPN Server and Client, when doing the "sh crypto isakmp sa"-command I will see the outside IP of the NAT device instead. So my question is, is there anyway I can find out what the IP is on the outside interface of the VPN Client if there are a NAT device in between?
Note: In some of the cases this is not a problem since we often get assigned IP's to use when we pre-configure the Client. But others want us to use DHCP on the outside leaving us clueless what the IP is.