Cisco Support Community

New Member

Cisco VPN client with ASA behind Router

Hi all,

Here is my scenario:

Cisco VPNClient--> INET --> Cisco 877 -->ASA 5520.

And I can't connect with the ASA.

I made a test with this scenario:

Cisco VPNClient --> ASA 5520, and the VPN works.

I think the problem is on the router. What ports must I open? (Or what additional config?)

Thanks in advance

4 REPLIES
New Member

Re: Cisco VPN client with ASA behind Router

Hi,

How is the ASA NAT-ed through the router? How many public IPs do you have?

If there is only one public IP, then you should do port mapping and map UDP ports 500 and 4500 from the ASA to the public IP. If there is more than one public IP, then you can do one-to-one NAT and then it should work if there are no access-lists.

OK?

New Member

Re: Cisco VPN client with ASA behind Router

Hi tasic,

I only have one public IP, and I map UDP ports 500 and 4500 to the ASA from the router.

ip nat inside source static udp 1XX.XX.XX.1 500 interface ATM0.1 500

ip nat inside source static udp 1XX.XX.XX.1 4500 interface ATM0.1 4500

(where 1XX.XX.XX.1 is ASA IP)

But nothing happens; it says:

Reason 412: The remote peer is no longer responding

New Member

Re: Cisco VPN client with ASA behind Router

Do you have an access-list on the router's outside interface?

You should add to the ASA:

crypto isakmp nat-traversal 20

After that you should start troubleshooting to see what is happening. That is the maximum from my side without configs.

New Member

Re: Cisco VPN client with ASA behind Router

Hi again

I tried with crypto isakmp nat-traversal 20 but nothing happens. I think that my problem is on the router side.

Here is my router config:

In my ATM:

ip nat inside

and my nat rules are:

ip nat inside source static udp X.X.20.1 500 interface ATM0.1 500

ip nat inside source static udp X.X.20.1 4500 interface ATM0.1 4500

ip nat inside source static udp X.X.20.1 10000 interface ATM0.1 10000

ip nat inside source static udp X.X.20.1 62515 interface ATM0.1 62515

ip nat inside source static tcp X.X.20.1 10000 interface ATM0.1 10000

ip nat inside source static esp X.X.20.1 interface ATM0.1

(where X.X.20.1 is my ASA)

Or maybe my problem is in the Cisco VPN client configuration:

I selected in the transport tab:

Enable Transparent tunneling and IPSEC over UDP
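
An added example, not written by any poster in this thread: a small Python check that reads IOS-style config text and reports whether the UDP 500 and 4500 forwards discussed above exist for the ASA, and whether the interface named in those static rules is the NAT outside side, which IOS inside-source static rules expect. The address 10.0.20.1 and interface Vlan1 are constructed for the sample; ATM0.1 is the interface name used in the posts.

```python
import re

# IKE (UDP 500) and NAT-T (UDP 4500), the two ports named in the thread.
REQUIRED = {("udp", 500), ("udp", 4500)}
STATIC_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def parse(config):
    """Return (static port forwards, {interface: 'inside'|'outside'})."""
    forwards, roles, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split()[1]          # e.g. "ATM0.1"
        elif raw.startswith(" ") and current:
            m = re.match(r"ip nat (inside|outside)$", line)
            if m:
                roles[current] = m.group(1)
        else:
            current = None                     # left the interface block
            m = STATIC_RE.match(line)
            if m:
                proto, ip, lport, ifc, gport = m.groups()
                forwards.append((proto, ip, int(lport), ifc, int(gport)))
    return forwards, roles

def audit(config, asa_ip):
    """List problems with forwarding IKE/NAT-T to the ASA; empty means none found."""
    forwards, roles = parse(config)
    have = {(p, g) for p, ip, l, _, g in forwards if ip == asa_ip and l == g}
    findings = [f"no static NAT for {p}/{port} to {asa_ip}"
                for p, port in sorted(REQUIRED - have)]
    for ifc in sorted({f[3] for f in forwards}):
        if roles.get(ifc) != "outside":
            findings.append(f"{ifc} supplies the global address but is not 'ip nat outside'")
    return findings

# Constructed sample configs (10.0.20.1 and Vlan1 are made up for the example).
GOOD = """interface Vlan1
 ip nat inside
!
interface ATM0.1 point-to-point
 ip nat outside
!
ip nat inside source static udp 10.0.20.1 500 interface ATM0.1 500
ip nat inside source static udp 10.0.20.1 4500 interface ATM0.1 4500
"""
BAD = GOOD.replace(" ip nat outside", " ip nat inside").replace(
    "ip nat inside source static udp 10.0.20.1 4500 interface ATM0.1 4500\n", "")
```

Calling `audit(BAD, "10.0.20.1")` returns one finding for the missing UDP 4500 forward and one for ATM0.1 not being marked outside; `audit(GOOD, "10.0.20.1")` returns an empty list.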
