cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
0
Helpful
1
Replies

vpn pass-through

smallrain_2
Level 1
Level 1

We have a ASA 5540 with NAT.

A user behind ASA needs to vpn out to another cisco device on customer site.

How can we configure vpn pass through?

Thanks,

1 Reply 1

Ivan Martinon
Level 7
Level 7

Your best shot is to enable Nat-T on the remote end, this will allow ESP traffic to be encapsulated over UDP 4500. If enabling nat-t on the remote end is not an option check the ipsec-pass-trough inspection engine under the global-policy map:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: