I have recently configured a remote access VPN on a customer's ASA 7.2. I have tested the RA IPsec VPN using an IP address that is in the same segment as the outside interface of the ASA, and it works.
But the funny thing right now is that if I am using a client that is using NAT to access the network, I have problems connecting. It can't even contact the security gateway and get past the phase 1 authentication of the tunnel group and pre-shared key. There is nothing in the VPN client log.
I have configured NAT-T too.
Anyone have any idea? Here's the config that's relevant to the remote access IPSEC VPN.
access-list inside_nat0_outbound extended permit ip 10.203.1.0 255.255.255.0 10.
ip local pool vpnpool 10.203.8.100-10.203.8.199 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy ntnvpn internal
group-policy ntnvpn attributes
 dns-server value 184.108.40.206 220.127.116.11
 default-domain value x
username hw-support password x
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
crypto isakmp nat-traversal 20
tunnel-group ntnvpn type ipsec-ra
tunnel-group ntnvpn general-attributes
tunnel-group ntnvpn ipsec-attributes