Cisco Support Community

Setup of IPSec Passthrough

Hi All,

I would like to get some help on IPSec Passthrough on an ASA 5520, with version 8.3, and ASDM 6.3. Currently I have a requirement for users in my internal network (10.10.249.128 / 25) to be able to connect to external IPSec VPN servers.

So I created a network object with 10.10.249.128 / 25, and used dynamic PAT to translate the source IP address to the external Internet-facing outside interface:

29-Mar-12 4-09-43 PM.png

I then added the following rules on the inside-in ACL:

However, troubleshooting shows that ISAKMP is passing through the firewall, but ESP and AH are not.

For isakmp:

29-Mar-12 4-15-05 PM.png

For ESP:

29-Mar-12 4-17-21 PM.png

Seems like the NAT rule is drawing my ESP traffic. Can anyone point me in the correct direction?

Kind Regards,

Jia Wei

1 REPLY

Setup of IPSec Passthrough

Hi,

Have you tried an actual VPN Client connection through the ASA from the guest network? Or is the problem only based on testing this thing with packet-tracer on the ASDM side?

I don't remember ever opening ESP/AH for Cisco VPN Client traffic.
