I have differents networks connected to a central one. The VPN clients of the differents delegations are VPN3002 or ASA5505. All those clients are connected to a VPN3005 Concentrator. We have configured a Cisco ASA 5510 to replace VPN 3005 Concentrator. And now we're moving tunnels of VPN clients from VPN 3005 Concentrator to ASA 5510.
We have changed all the clients network that use VPN3002 as VPN client. All has gone perfectly. We reach the network, we can use remote desktop, we connect with our exchange servers (which are located in the central). But we have a lot of problems with the tunnels from ASA 5505 to ASA 5510. We can ping from the client side to the central and also from the central to the client part. The PCs on the client part reach the Internet, but we cannot use remote desktop to PCs of client side. Also, PCs on the client side can't receive mail. They ping the mail server by IP or DNS name, but we think it's being filtered someway. We have had similar problems with PIX, so we configured "no fixup" of some protocols as SMTP,... but with this network design, we don`t know if we are being filtered by ASA 5510 or ASA 5505.
If someone has had a similar problem and can help us, we would be very pleased.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...