02-25-2009 07:22 AM - edited 02-21-2020 04:09 PM
Hi,
I have a Cisco ASA firewall that has a private IP address on the internet interface that is connected to the router. That router has the SDSL connection and has the WAN IP address with subnet /29.
I have added the static NAT with one of the public IP addresses available.
For constructing the site-to-site VPNs or remote access VPNs, do I need some more NAT commands, like NAT traversal, IPsec over TCP, UDP encapsulation, etc. on the router / firewall? If yes, then what commands are needed and where should they be implemented?
Your help will be highly appreciated.
02-25-2009 09:01 AM
You only need those commands when a device does not understand or support VPN pass-thru - typically remote users' home ADSL modems.
If you have an ACL on the router, you just need to allow thru:
- IKE - UDP 500
- IPSEC - Protocol 50

The rest will take care of itself.
If you enable NAT-T, this will use UDP 4500 for the IPSEC UDP encapsulation.
HTH
02-25-2009 04:42 PM
In addition to Andrew's comments, you may need a static NAT on the router to NAT a public IP to the external IP address of the ASA. It sounds like it's already in place though.
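The router-side pieces described in the two replies above, put together as an added example that is not part of the original thread: a static NAT for the ASA plus the ACL entries for IKE, ESP and NAT-T. The addresses (192.0.2.10 as the public IP, 10.0.0.2 as the ASA outside interface), the ACL name WAN-IN and the interface names are assumptions; substitute your own.

```cisco
! Constructed example: every address, ACL name and interface name is a placeholder.
!   192.0.2.10 = public IP from the /29 set aside for the ASA
!   10.0.0.2   = private IP on the ASA's internet-facing interface
!
! One-to-one static NAT: public IP <-> ASA outside interface
ip nat inside source static 10.0.0.2 192.0.2.10
!
! Entries to add to the ACL applied inbound on the WAN side.
! An inbound ACL is evaluated before NAT, so it matches the public address.
ip access-list extended WAN-IN
 remark IKE (UDP 500)
 permit udp any host 192.0.2.10 eq isakmp
 remark IPsec ESP (IP protocol 50)
 permit esp any host 192.0.2.10
 remark NAT-T: IPsec encapsulated in UDP 4500, only needed if NAT-T is enabled
 permit udp any host 192.0.2.10 eq non500-isakmp
!
! LAN side facing the ASA (interface name is an assumption)
interface FastEthernet0/0
 ip nat inside
!
! WAN side on the SDSL link (interface name is an assumption)
interface Dialer0
 ip nat outside
 ip access-group WAN-IN in
```

For site-to-site tunnels with fixed peers, `any` can be replaced with `host <peer address>` so only known peers reach the ASA on these ports; remote access clients generally need `any`.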