5505 Strange vpn problem I can only connect if the pc has a WAN IP addess

Answered Question
Jun 15th, 2007

I have a asa5505 if an outside computer has a wan ip address it will see the computers on the network. If the computer is behind a router (any router) it will connect fine but will not see any computers on the network. All computer on the in the vpn are a 10.1.1.0 network and the connecting computers are on a 192.168.1.0 network. All subnet mask are 255.255.255.0. Thanks in advance.

Correct Answer by acomiskey about 9 years 8 months ago

Add the following command to your ASA.


crypto isakmp nat-traversal


In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t


This will allow users behind pat devices to use nat-t and should solve your problem.


Please rate if it helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
acomiskey Mon, 06/18/2007 - 05:26

Sounds like a nat-traversal problem. What version is your 5505?

Correct Answer
acomiskey Wed, 06/20/2007 - 08:39

Add the following command to your ASA.


crypto isakmp nat-traversal


In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t


This will allow users behind pat devices to use nat-t and should solve your problem.


Please rate if it helps.

Actions

This Discussion