
IPSEC VPN Client with NATed Router

t4tauseef33
Level 1

Hi,

I have a Cisco ASA firewall that has a private IP address on the internet interface, which is connected to the router. That router has the SDSL connection and has the WAN IP address with a /29 subnet.

I have added a static NAT with one of the public IP addresses available.

For constructing site-to-site VPNs or remote access VPNs, do I need some more NAT-related commands, like NAT traversal, IPsec over TCP, UDP encapsulation, etc. on the router / firewall? If yes, then what commands are needed and where should they be implemented?

Your help will be highly appreciated.

2 Replies

andrew.prince
Level 10

You only need those commands when a device does not understand or support VPN pass-thru - typically remote users' home ADSL modems.

If you have an ACL on the router, you just need to allow thru:-

IKE - UDP 500

IPSEC - Protocol 50

The rest will take care of itself.

If you enable NAT-T, this will use UDP 4500 for the IPsec UDP encapsulation.

HTH

In addition to Andrew's comments, you may need a static NAT on the router to NAT a public IP to the external IP address of the ASA. It sounds like it's already in place though.
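
The pieces named in the replies, put together as an added configuration sketch (not posted by anyone in the thread): the static NAT and the inbound ACL entries on the router, and NAT-T on the ASA. The addresses, the ACL name `WAN-IN` and the keepalive value are assumptions, and the exact NAT-T command form depends on the ASA software version.

```cisco
! ---- Router (IOS) ----
! Constructed placeholder addresses:
!   10.0.0.2     = ASA outside interface (private address)
!   203.0.113.2  = spare public address from the /29
!
! One-to-one static NAT: public address <-> ASA outside interface
ip nat inside source static 10.0.0.2 203.0.113.2
!
! Entries to add to the existing inbound WAN ACL (hypothetical name WAN-IN).
! The inbound ACL is checked before the destination is translated,
! so the entries match the public address, not 10.0.0.2.
ip access-list extended WAN-IN
 remark IKE
 permit udp any host 203.0.113.2 eq 500
 remark IPsec ESP (IP protocol 50)
 permit esp any host 203.0.113.2
 remark NAT-T (IPsec encapsulated in UDP)
 permit udp any host 203.0.113.2 eq 4500
!
! ---- ASA ----
! Enable NAT-T with a 20-second keepalive (value assumed for this example).
crypto isakmp nat-traversal 20
```

Where the remote peers are known, replacing `any` with their addresses narrows what can reach the ASA's IKE listener from the internet.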