L2L VPN Tunnel with NAT on one side working only in one direction.

hemantpatel
Level 1

Site A is hosting a host running SMTP services on port 9999. The outside IP address of Site-A (ASA5505) is A.A.A.A, and port 9999 on the outside interface (A.A.A.A) has been statically NATted to the private IP 192.168.100.100 of the SMTP host.
Site-B is trying to reach Site-A using its public IP (A.A.A.A) on port 9999. Both Phase 1 and Phase 2 get established, but Site-B is not able to reach Site-A (not able to ping, telnet, SSH, SMTP). Zero encaps/decaps on Site-A. However, Site-A reaches Site-B using its private IP (192.168.200.200) on port 9999 without any issue.

Is there any issue using the outside interface of the ASA with a NATted port for VPN traffic?

1 Reply

If you are setting up a site-to-site VPN, why are you trying to connect to the public address of the SMTP server?

If you want to connect to the public address, then you would not go through a VPN tunnel.

Please share the relevant configurations.