
VPN and AnyConnect

Cam79100
Level 1

Dear all,

 

I would like to create a VPN client (Remote access VPN) on ASA 5512-x V.9.1.

But from the ISP we have a router 1841, and it connects to the ASA 5512-x. Do we need to do NAT or allow any traffic from our router 1841 to the ASA 5512-X?

 

Best Regards,

Chhun


Hi,
Yes, on the 1841 router you should port forward tcp/443 and udp/443 to the ASA's outside IP address (10.10.10.2) for SSL-VPN.

HTH

Dear Sir/Madam, I tried to use these commands:

ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload

ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable

ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable

ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable

ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable

 

1- How do I check whether the traffic is denied or permitted on the router?

2- Checking on the ASA, I don't have any debug ipsec or isakmp output from the VPN client.

3- VPN client in use: 5.0.07.2090

Hi,

 

Based on the VPN Client version, I suspect you're using the legacy Cisco VPN Client, which supports only IKEv1 IPsec tunnels, native or encapsulated in TCP. Assuming your configuration is correct on the ASA side, here's a guide to set up an EzVPN server on the ASA, and assuming you would not use the option to encapsulate IKE and IPsec into TCP, you would have to change your NAT config on the router as follows, in order to allow UDP 500 and UDP 4500:

 

ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload

no ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable

no ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable

ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable

ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable

 

Also, ensure that if you have any ACLs configured on the router, they allow UDP 500 and UDP 4500 to flow.

 

Regards,

Cristian Matei.
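Added example, not part of the thread and not Cisco tooling: a small offline check that reads the router's static PAT lines quoted above (applying `no` lines in order) and reports which forwards to the ASA are missing or unneeded for the chosen VPN transport. The function names and the `REQUIRED` table are assumptions built from the ports named in the replies; the two config strings are copied from the posts.

```python
import re

# Forwards each transport needs, as given in the replies above (assumed table).
REQUIRED = {
    "ikev1-ipsec": {("udp", 500), ("udp", 4500)},
    "ssl-vpn": {("tcp", 443), ("udp", 443)},
}

STATIC_RE = re.compile(
    r"^(?P<no>no )?ip nat inside source static (?P<proto>tcp|udp) "
    r"(?P<lip>\S+) (?P<lport>\d+) (?P<gip>\S+) (?P<gport>\d+)"
)

def active_forwards(config, asa_ip):
    """Map (proto, global_port) -> local_port for static PAT entries to asa_ip."""
    forwards = {}
    for line in config.splitlines():
        m = STATIC_RE.match(" ".join(line.split()))  # normalise whitespace
        if not m or m["lip"] != asa_ip:
            continue  # dynamic PAT ("source list ... overload") and other lines
        key = (m["proto"], int(m["gport"]))
        if m["no"]:
            forwards.pop(key, None)  # a "no" line removes the earlier entry
        else:
            forwards[key] = int(m["lport"])
    return forwards

def missing_forwards(config, asa_ip, transport):
    """Required ports that are not forwarded one-to-one to the ASA."""
    fw = active_forwards(config, asa_ip)
    return sorted(k for k in REQUIRED[transport] if fw.get(k) != k[1])

def extra_forwards(config, asa_ip, transport):
    """Ports exposed to the ASA that the chosen transport does not need."""
    return sorted(set(active_forwards(config, asa_ip)) - REQUIRED[transport])

POSTED = """ip nat inside source list NAT-PAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable
ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable
ip nat inside source static udp 10.10.10.2 4500 203.10.10.10 4500 extendable
ip nat inside source static udp 10.10.10.2 500 203.10.10.10 500 extendable
"""
SUGGESTED = """no ip nat inside source static tcp 10.10.10.2 443 203.10.10.10 443 extendable
no ip nat inside source static udp 10.10.10.2 10000 203.10.10.10 10000 extendable
"""

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("after suggested change", POSTED + SUGGESTED)):
        print(name, "missing:", missing_forwards(cfg, "10.10.10.2", "ikev1-ipsec"),
              "extra:", extra_forwards(cfg, "10.10.10.2", "ikev1-ipsec"))
```
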

Dear Sir/Madam,

Do you have a sample configuration for VPN client (Remote access) on Cisco router 1841 and ASA 5512-x v9.1?

I need it to configure.

 

Best Regards,
