Still working on trying to get CUMA working on an ASA. From reading through multiple documents I found the setup confusing, and not much help from TAC either. What I get from Cisco TAC is that the CUMA server sees the mapped IP of the translation as the client, yet the ASA isn't configured to source the IP of the translation; that requires a whole different setup.
So, working off the one doc I found, here is what needs to be done for CUMA to work with the ASA as far as what it sees as the client IP.
Translate all client IP addresses to a single source IP address for routing through the firewall to Cisco Unified Mobility Advantage:
global (<inside interface name>) <nat_id> <shared ip address to which all client ip addresses will be translated> netmask <subnet mask>
nat (<outside interface name>) 1 0 0 outside
Note that because the IP address that all clients share is the same as the inside interface, you can use interface instead of specifying the IP address.
global (inside) 1 interface
nat (outside) 1 0.0.0.0 0.0.0.0 outside
What I gather is, when a client connects to CUMA, the ASA translates the incoming IP to the inside IP of the ASA, and that is the IP seen by CUMA. CUMA responds back to the client via the IP of the ASA, and that is the IP that now gets registered with the CallManager.
Simple enough, but when applied it now breaks all EZVPN connections into the ASA. I need to know how to exempt the VPN from the above NAT configuration.
Do I nonat the internal networks, or do I now need to filter based on their public IPs, and what happens when the IP changes, since they are all dynamic?