142 Views | 0 Helpful | 5 Replies
Beginner

VPN and AnyConnect

Dear all,

 

I would like to create a VPN client (remote access VPN) on an ASA 5512-X v9.1.

But from the ISP we have a router 1841 that connects to the ASA 5512-X. Do we need to do NAT or allow any traffic from our router 1841 to the ASA 5512-X?

 

Best Regards,

Chhun

5 REPLIES
RJI (Advisor)

Re: VPN and AnyConnect

Hi,
Yes, on the 1841 router you should port forward tcp/443 and udp/443 to the ASA's outside IP address (10.10.10.2) for SSL-VPN.

HTH
Beginner

Re: VPN and AnyConnect

Dear Sir/Madam, I tried to use these commands:

ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload

ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable

ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable

ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable

ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable

 

1- How do I check whether the traffic is denied or permitted on the router?

2- Checking on the ASA, I don't have any debug ipsec or isakmp output from the VPN client.

3- VPN client version used: 5.0.07.2090

Rising star

Re: VPN and AnyConnect

Hi,

 

Based on the VPN Client version, I suspect you're using the legacy Cisco VPN Client, which supports only IKEv1 IPsec tunnels, native or encapsulated in TCP. Assuming your configuration is correct on the ASA side, here's a guide to set up an EzVPN server on the ASA, and assuming you would not use the option to encapsulate IKE and IPsec into TCP, you would have to change your NAT config on the router as follows, in order to allow UDP 500 and UDP 4500:

 

ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload

no ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable

no ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable

ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable

ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable

 

Also, ensure that if you have any ACLs configured on the router, they allow UDP 500 and UDP 4500 to flow.

 

Regards,

Cristian Matei.
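To check a router's static NAT lines against the forwards each client type needs (UDP 500 and 4500 for the legacy IKEv1 client, TCP 443 and UDP 443 for AnyConnect SSL-VPN), here is a small audit script; it is an added example, not part of the thread or any Cisco tool, and the sample input is the NAT lines posted above, with the ASA outside address 10.10.10.2 taken from the thread.

```python
import re
from typing import Dict, List, Tuple

# Ports each remote-access VPN type needs forwarded to the ASA, per the thread:
# legacy IPsec client = UDP 500 + UDP 4500 (NAT-T); AnyConnect SSL-VPN = TCP 443 + UDP 443 (DTLS).
REQUIRED = {
    "ipsec-ikev1": {("udp", 500), ("udp", 4500)},
    "ssl-vpn": {("tcp", 443), ("udp", 443)},
}

STATIC_RE = re.compile(
    r"^(?P<neg>no\s+)?ip nat inside source static\s+(?P<proto>tcp|udp)\s+"
    r"(?P<inside>\S+)\s+(?P<iport>\d+)\s+(?P<outside>\S+)\s+(?P<oport>\d+)"
)

def parse_static_nat(config: str) -> Dict[Tuple[str, int], Tuple[str, int]]:
    """Map (proto, outside_port) -> (inside_ip, inside_port); a 'no ...' line removes an entry."""
    entries: Dict[Tuple[str, int], Tuple[str, int]] = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # overload/dynamic NAT and unrelated lines are ignored
        key = (m["proto"], int(m["oport"]))
        if m["neg"]:
            entries.pop(key, None)
        else:
            entries[key] = (m["inside"], int(m["iport"]))
    return entries

def audit(config: str, asa_outside_ip: str) -> Dict[str, Dict[str, List[str]]]:
    """Per VPN type, list the required forwards that reach the ASA and those still missing."""
    entries = parse_static_nat(config)
    report: Dict[str, Dict[str, List[str]]] = {}
    for vpn, needed in REQUIRED.items():
        present, missing = [], []
        for proto, port in sorted(needed):
            target = entries.get((proto, port))
            ok = target == (asa_outside_ip, port)  # must land on the ASA, same port
            (present if ok else missing).append(f"{proto}/{port}")
        report[vpn] = {"present": present, "missing": missing}
    return report

# Sample input: the four static NAT lines posted in the thread (constructed here as a string).
THREAD_NAT = """
ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable
ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable
ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable
ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable
"""
```

Feeding the same lines plus the "no ip nat ... tcp ... 443" removal from the reply above reports tcp/443 as missing for SSL-VPN while IKEv1 stays fully covered.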

Beginner

Re: VPN and AnyConnect

Dear Sir/Madam,

 

Do you have a sample configuration for a VPN client (remote access) on a Cisco router 1841 and ASA 5512-X v9.1?

 

I need it to configure this.

 

Best Regards,

Rising star

Re: VPN and AnyConnect