Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Passthrough and NAT-T with ASA 5510

Does anyone know if the new 8.0 release will support a many private addresses to one public address. We have had alot of problems with an older release not supporting this at all. We have clients where we are that access Win and Nortel VPN servers at their home sites. We need to be able to provide these services through the ASA using ports IP 50,51 and UDP 500. All we can have is one public address. Also is there any way to make the connections going through the ASA all look like they have different addresses. That my be impossible but once a GRE tunnel has been established with one of the users the Nortel for example will not let anymore connections connect coming from the same IP. Thanks


Re: VPN Passthrough and NAT-T with ASA 5510

There is no problem providing these services through the ASA. Nat-t must be used by the devices on the remote end or you must not pat your clients on the inside of the ASA.

New Member

Re: VPN Passthrough and NAT-T with ASA 5510

We have no control on the VPN server side of the house. Only with clients passing through. So are you saying that I should only use NAT and NAT w/ PAT. How would that work?



Re: VPN Passthrough and NAT-T with ASA 5510

It sounded like you were saying it was because of your ASA that clients cannot use nat-t outbound to their respective gateways. The fact is that the ASA has nothing to do with it. If nat-t is not supported on the remote end, there is nothing you can do in the ASA to make it work. The only option is to not nat the clients, which requires public ip addresses, or use one connection at a time.

CreatePlease to create content