
Remote Management over VPN - IP Unknown

dennis.elgstrom
Level 1

Hi!

I've been thinking of a situation that I will face in the near future that I don't know how to solve.

I have configured an IOS Easy VPN Client to allow customers to connect to our Project/Test network. To each customer we send a pre-configured ASA5505, acting as VPN Client, to establish the tunnel.

However, there will be some problems managing that ASA5505 if the customer has a NAT device set between us and them, let me explain.

If there is no NAT device between the VPN Server and Client, I will be able to see the outside IP of the client when doing the "sh crypto isakmp sa"-command. And from that, I can use ASDM to connect to that IP.

However, if there is a NAT device between the VPN Server and Client, when doing the "sh crypto isakmp sa"-command I will see the outside IP of the NAT device instead. So my question is, is there any way I can find out what the IP is on the outside interface of the VPN Client if there is a NAT device in between?

Note: In some of the cases this is not a problem since we often get assigned IPs to use when we pre-configure the Client. But others want us to use DHCP on the outside, leaving us clueless what the IP is.

1 Reply

amohabir1
Level 1

You can usually look at your local end of the VPN to find the public IP of that particular VPN tunnel (show crypto isakmp sa, show crypto ipsec sa, show vpn-sessiondb).

To access the ASA behind the NAT device, a port forward (telnet, ssh, http) from the NAT device will have to be set up.