03-26-2020 06:35 AM
Dear all,
i would like to create VPN client( Remote access VPN) on ASA 5512-x V.9.1 .
but from ISP we have router 1841 and connect to ASA 5512-x . do we need to do NAT or any allow traffic our router 1841 to ASA 5512-X.
Best Regards,
Chhun
03-26-2020 06:38 AM
03-26-2020 06:49 AM
Dear Sir/Madam, i try to use this command
ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable
ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable
ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable
ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable
1- how to check the traffic deny or permit on router ?
2- check on ASA don't have any debug ipsec or isakmp from VPN client .
3- vpn client use : 5.0.07.2090
.
03-26-2020 09:09 AM
Hi,
Based on the VPN Client version, i suspect you're using the legacy Cisco VPN Client, which supports only IKEv1 IPsec tunnels, native or encapsulated in TCP. Assuming your configuration is correct on the ASA side, here's a guide to setup EzVPN server on the ASA, and assuming you would not use the option to encapsulate IKE and IPsec into TCP, you would have to change your NAT config on the router as follows, in order to allow UDP 500, UDP 4500:
ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload
no ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable
no ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable
ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable
ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable
Also, ensure that if you have any ACL's configured on the router, it allows UDP 500 and UDP 4500 to flow.
Regards,
Cristian Matei.
03-26-2020 09:09 PM
Dear Sir/Mada,
do you have sample configuration VPN client ( Remote access) on Cisco router 1841 and ASA 5512-x v9.1?
I need it to configure .
Best Regards,
03-27-2020 01:13 AM
Hi,
Depending on how you'll perform authentication on the EasyVPN server side, use these guide to help you on the implementation:
As for the VPN client itself, configuration is very simple,e but find here an example:
Regards,
Cristian Matei.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide