Host Access over RA VPN doesn't work without inbound access

indra
Level 1

Hi,

I have configured an RA VPN on a pair of Cisco ASA 5520s with LDAP authentication and a local IP address pool. The RA VPN works fine when I connect from a direct Internet connection with a public IP assigned to the client desktop, without any firewall or inbound traffic restriction. But from the office, behind a firewall, I can connect to the VPN but cannot connect to any hosts over the VPN tunnel. The office Internet firewall is configured to PAT all outgoing traffic without any inbound access. Can someone suggest what to configure in the VPN to allow connections via the VPN to the hosts behind the VPN when the VPN is being established from a PAT global IP?

3 Replies

Collin Clark
VIP Alumni

Try enabling Transparent NAT on the remote firewall.

When you say Remote Firewall, does that mean the firewall which is terminating the RA VPN, or something else?

Also, are you suggesting this command: crypto isakmp nat-traversal? But my ASA has a public IP configured on the Outside interface connected to the Internet. Please help and suggest. Are there any parameters to be changed in the VPN config to accept connections from a PAT IP without the need for inbound access from the VPN peer towards the PAT/NAT IP?

Please, someone help to resolve this.