cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
701
Views
0
Helpful
1
Replies
Highlighted

Remote Management over VPN - IP Unkown

Hi!

I've been thinking of a situation that I will face in the near future that I don't know how to solve.

I have configured a IOS Easy VPN Client to allow customers' to connect to our Project/Test network. To each customer we send a pre-configured ASA5505, acting VPN Client, to establish the tunnel.

However, there will be some problems managing that ASA5505 if the customer have a NAT device set between us and them, let me explain.

If there are no NAT device between the VPN Server and Client, I will be able to see the outside IP of the client when doing the "sh crypto isakmp sa"-command. And from that, I can use ASDM to connect to that IP.

However if there is a NAT device between the VPN Server and Client, when doing the "sh crypto isakmp sa"-command I will see the outside IP of the NAT device instead. So my question is, is there anyway I can find out what the IP is on the outside interface of the VPN Client if there are a NAT device in between?

Note: In some of the cases this is not a problem since we often get assigned IP's to use when we pre-configure the Client. But others want us to use DHCP on the outside leaving us clueless what the IP is.

1 REPLY 1
Highlighted
Beginner

You can usually look at your local end of the vpn to find the public ip of that particular vpn tunnel (show crypto isakmp sa, show crypto ipsec sa, show vpn-sessiondb).

To access the asa behind the nat device, a port forward (telnet, ssh, http) from the nat device will have to be setup.

Content for Community-Ad