VPN client cannot connect to NAT cluster IP

Jun 11th, 2010

I have two Cisco VPN 3060 concentrators configured with load balancing sitting behind an ASA firewall.

Concentrator A with public interface ip address is  -> static NAT to

Concentrator B with public interface ip address is  -> static NAT to

Load balancing is configured between these two concentrators with cluster ip address  -> static NAT to

I'm able to connect to the cluster IP address when the VPN client resides on the 172.1.1.x subnet.

(I adjusted the load balance settings to since the client is behind the firewall.)

But when the VPN client connects from DSL, it fails to connect to the NAT address of the cluster.

The VPN client is able to connect to the external/NAT addresses of Concentrator A and B.

The ASA firewall is set to allow 'all' IP inbound to the cluster IP.

Any ideas?

Marcin Latosiewicz (Cisco Employee), Sat, 06/12/2010 - 00:45

By any chance, when you connect to the cluster IP, doesn't it respond with "connect to PRIVATE_IP_ADDRESS"?

Logging on the client will tell you more.

If you suspect the ASA, get a packet capture on inside and outside for this client.

