Solved: 5505 Strange vpn problem I can only connect if the pc has a WAN IP addess

paintref1 · ‎06-15-2007

I have a asa5505 if an outside computer has a wan ip address it will see the computers on the network. If the computer is behind a router (any router) it will connect fine but will not see any computers on the network. All computer on the in the vpn are a 10.1.1.0 network and the connecting computers are on a 192.168.1.0 network. All subnet mask are 255.255.255.0. Thanks in advance.

acomiskey · ‎06-20-2007

Add the following command to your ASA.

crypto isakmp nat-traversal

In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t

This will allow users behind pat devices to use nat-t and should solve your problem.

Please rate if it helps.

View solution in original post

acomiskey · ‎06-18-2007

Sounds like a nat-traversal problem. What version is your 5505?

paintref1 · ‎06-20-2007

7.2 (2) is the asa ver and 5.2 (2) is the asdm

acomiskey · ‎06-20-2007

Add the following command to your ASA.

crypto isakmp nat-traversal

In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t

This will allow users behind pat devices to use nat-t and should solve your problem.

Please rate if it helps.