Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA5505 VPN Client Feature Question


To my understanding ASA 5505 can be configured as a VPN client. (Authenticating with a username/password from authenticating VPN Server)

When you put a device (a PC for example), behind the ASA5505(VPN Client), these devices are able to access resources on the head end of the VPN server.

My question is, are the devices behind the VPN server (head end) able to access devices behind the ClientASA5505, such as a PC?

My assumption is no, because I believe the ASA5505 is PAT'ing, and its not a 1:1 relationship between devices behind the firewall.

Can anyone confirm or validate this?

Is there any documentation to explain this?




Re: ASA5505 VPN Client Feature Question


Traffic that's local will stay local. The client (ASA) is configured for network extension mode (NEM), and it will allow your inside network to be visible on the other side of the vpn tunnel. But computers that are on "this side" of the tunnel are still able to use their printers, see their other local computers, etc.

I'm not sure where PAT comes into play on this one ;-) The ASA brings the connection up on interesting traffic, and then depending on your interesting traffic acl, traffic that matches the acl will traverse the vpn tunnel.



HTH, John *** Please rate all useful posts ***
New Member

Re: ASA5505 VPN Client Feature Question

All interesting traffic should not be PATTED so dont worry:)

New Member

Re: ASA5505 VPN Client Feature Question

Thanks for your replies,

I just wanted to ensure I exlained this properly.



The ASA is connecting as a vpn client (ASA5505) to the VPN Server (ASA5510)

Can SERVER123 connect to PC456 and PC456 connect to SERVER123?

Or is it a one way connection from PC456 to SERVER123?



CreatePlease to create content