Solved: VPN to asa behind router

FreddyLoi · ‎12-22-2010

Hi

I have ASA 5505 behind a router, that is also a dmvpn spoke (The router), On my ASA i configured a remote access vpn.

But when I try to foward the ports for VPN to my asa, I get stability issues, with my vpn spoke on the router.

Is it possible to have a dmvpn to the router and a remote access vpn to my ASA?

I have attached the running config.

Thank you

Jay Young · ‎12-22-2010

Freedy,

The issue here is that both your router and the ASA want to use udp port 500 and udp port 4500. Naturally if you forward the ports inbound then the dmvpn is not going to work and vice versa. What you may want to try it to have your ezvpn use ipsec-over-tcp on port 10000 and forward that instead.

On the ASA configure "crypto isakmp ipsec-over-tcp port 10000"

On the client edit the connection information, go to the transport tab and select ipsec-over-tcp"

On the router port forward tcp 10000 to the ASA.

Hope that helps.

-Jay

View solution in original post

Jay Young · ‎12-22-2010