cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
468
Views
0
Helpful
6
Replies

Client VPN through ASA

kinskins01
Level 1
Level 1

HI,

Does anyone know whats going on here? One of the clients on the network launches a cisco vpn client to an external resource and the client connects and is authenticated but no traffic passes.

PAT is in use on the outside interface.

I have enabled nat traversal and sysopt connection permit-ipsec.

Thanks

6 Replies 6

mattiaseriksson
Level 3
Level 3

Hi, it is not you but the owner of the remote vpn server that has to enable nat traversal as it is part of the IKE negotiation between the IPSec peers.

Regards,

/Mattias

HI thanks for the response.

I have recently replaced a Sonicwall with an ASA and the connection worked fine through the Sonicwall.

Any ideas?

If you only have one client on your LAN you can use IPSec passthrough which is not enabled by default.

In ASA I think the command is inspect ipsec-pass-thru.

A sonicwall has probably all features enabled by default, wouldn't suprise me.

HI,

When the vpn was established from the client I got the following warnings on the ASA:

regular translation creation failed for protocol 50 src inside:192.X.X.X. dst outside:159.X.X.X

Its related to PAT so I went and put in a static entry for the client so it nats out to its own Public IP and hey presto it worked.

Thanks for your help

Right -

This is usually set on the Remote server end.

The option - IKE over TCP & Port number is available in the client. there is a UDP option also for this.

The default port for cisco is 10000.

you can find this by inititing a session form the client & typing the following command

show conn local ( ip of the client )

it will show you the connections

sdvorderh
Level 1
Level 1

Hello there, you might want to have a look at this article that explains that you need to create an ACL with ACE in the new verison 8.0 of the ASA IOS to get the traffic flowing!

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: