Here is my present situation: I have to allow my partners to connect to my internal network (192.168.10.0/24). My ASA 5505 (connected to my internal network) is connected to the Internet behind my provider's router, whose configuration I have no access to (for warranty purposes). My provider router's LAN is on the 192.168.1.0/24 network (DMZ) with the IP address 192.168.1.200, and my ASA is connected to that router with the IP address 192.168.1.1.
I have attached to this message my actual configuration.
I would just like to know which ports I have to have redirected by my provider to allow VPN connections on the ASA (I cannot actually put my provider router in bridge mode).
I have found these:
ISAKMP - UDP 500
ESP - Protocol 50
ISAKMP NAT-Traversal - UDP 4500 (NAT-T)
IPSEC Over UDP - UDP 10000 (Default)
IPSEC Over TCP - TCP 10000 (Default)
Is it correct?
On the other hand, I have tried to connect a Cisco VPN client to the ASA from a computer in the DMZ (with IP 192.168.1.127). I can establish the connection without any issue, but I cannot ping or connect to any computer/service on my internal network.
I have seen on some forums that I need to type the following commands:
crypto isakmp nat-traversal
sysopt connection permit-ipsec
First, is it correct? And could anyone explain to me what those commands do?