I've been thinking of a situation that I will face in the near future that I don't know how to solve.
I have configured a IOS Easy VPN Client to allow customers' to connect to our Project/Test network. To each customer we send a pre-configured ASA5505, acting VPN Client, to establish the tunnel.
However, there will be some problems managing that ASA5505 if the customer have a NAT device set between us and them, let me explain.
If there are no NAT device between the VPN Server and Client, I will be able to see the outside IP of the client when doing the "sh crypto isakmp sa"-command. And from that, I can use ASDM to connect to that IP.
However if there is a NAT device between the VPN Server and Client, when doing the "sh crypto isakmp sa"-command I will see the outside IP of the NAT device instead. So my question is, is there anyway I can find out what the IP is on the outside interface of the VPN Client if there are a NAT device in between?
Note: In some of the cases this is not a problem since we often get assigned IP's to use when we pre-configure the Client. But others want us to use DHCP on the outside leaving us clueless what the IP is.
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
ISE Node Terminology
Policy Administration Node
Monitoring & Troubleshooting Node
Policy Services Node
Platform Exchange Grid Node
The single plane of glass for ISE administration and configuration operatio...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...
About this Document
Cisco Secure Endpoint (formerly AMP for Endpoints) is a comprehensive Endpoint Security solution designed to function both as a stand-alone tool, and as a part of the architecture of natively integrated Cisco and 3rd par...