VPN Connection issue - maybe NAT problem

May 23rd, 2007

I am having a Firewall VPN problem.

I have an ASA5500 firewall using PAT. I set up another firewall at a remote location. I configured the remote location for remote VPN. I can VPN into the remote location from anywhere, but I have problems when accessing the VPN from inside my office.

I am behind an ASA5500 at the office. When I connect to the remote office via VPN, I am unable to connect to that internal network.

Though when I am somewhere else, outside of the office firewall, I am able to connect fine, so the config at the remote site is perfect.

I am guessing that there is a configuration problem on my office firewall that does not allow connectivity to the remote internal network.

Any ideas?

cisconoobie Thu, 05/24/2007 - 12:18

I put this in but still cannot connect properly to the internal network.

acomiskey Thu, 05/24/2007 - 13:08

nat-traversal would have to be enabled on the remote end, not the local end.

Any chance you could post your configs?

acomiskey Thu, 05/24/2007 - 14:15

Are you serious? Anyway, even if that is the case it would be pointless to add it to the local firewall if he didn't have it enabled in the remote firewall, agreed? I may not be a CCIE but I do have real world experience. Everyone is here to help, hopefully without stepping on anyone's toes.

Hey as far as I can tell this is the 2nd time today you have posted a reply to mine as if my comment was incorrect so ????????? I'm here to help those who are seeking help not to put down other posters' comments.

Maybe you need to stop stepping on toes and only respond when you are 100% sure about your comment to someone else's.

acomiskey Thu, 05/24/2007 - 14:30

I'm not putting down anyone's comments. I apologize if it seemed that way. A lot of times people on here skim through a lot of content. So if I see something which may be of value to the person who started the thread or someone else posting in the thread, I am motivated to add my comments. All with the goal in mind of helping someone solve a problem, not to make anyone look bad. Now I have learned something in this thread I didn't know, that is to look for nat-t being enabled on the local firewall, and I will use that knowledge in the future.

acomiskey Thu, 05/24/2007 - 14:18

Also, cisconoobie's statement in his original post isn't necessarily true:

"Though when I am somewhere else, outside of the office firewall, I am able to connect fine, so the config at the remote site is perfect."

If he was connecting from somewhere not using PAT, and nat-t is not enabled on the firewall, then there is a problem with the config.

