VPN - ONE ASA BEHIND NAT

I have two ASAs (see the picture).

The ASA in Europe sits behind NAT.

There are two tunnels. The one that comes up first works. The other one has 0 decrypted packets.

Packets are being encrypted for both tunnels on the USA side.

Is there any solution?

Re: VPN - ONE ASA BEHIND NAT

Hello @filip00011,

Can you share the configuration for both devices in order to check them further?

Gio

Re: VPN - ONE ASA BEHIND NAT

I think the problem is that ASA-Europe is behind NAT. So, the ASA does not see the original source IP. For ASA-Europe it all looks like it comes from 10.0.0.137.

Since all ESP packets are coming from 10.0.0.137 port 4500, the ASA does not know which tunnel group they belong to.

Maybe the solution would be to use IPsec over TCP. I have to find out how to configure it.