I've got an issue, and I'm not sure whether it's my configuration fault or something to do with Cisco's ASA Firewall. The network diagram is attached for your reference.
I have got a couple of users behind a Cisco ASA 5510 who use Cisco VPN Client (versions ranging from 3.6 to 4.8). They share a single IP address to the Internet (I mean they are NATed). Now, they want to create a VPN connection to a PIX acting as VPN server. They are able to successfully create a VPN connection but they cannot ping the servers behind the PIX 501. They also cannot access any services behind the PIX.
I tried the above scenario on Cisco routers and a Linksys router. That works. But it's not working with the Cisco ASA.
Facts about the scenario:
I have done the normal NAT configuration and it's working.
They can ping the PIX 501.
They can create a VPN connection.
They CANNOT ping or access servers behind PIX.
Now, the possible reasons that I think are as below:
Something is wrong in the Cisco ASA configuration, because if I try to connect to the PIX 501 from dial-up, it works fine. It just doesn't work behind the ASA.
There might be some issue with NAT-Traversal. But I don't know: should it be configured on the ASA or on the PIX?
Or simply, the ASA doesn't support Cisco VPN clients on NAT.
I would appreciate someone's help in this matter. Thanks in advance.
Re: Cisco VPN client not working behind ASA Firewall
Thanks for the suggestion.
Actually, the problem lies in my customer's IP assignment. They have an IP range of 192.168.20.0/24 for the LAN. They have servers within this range.
Now, they want to create a Disaster Recovery situation. If the main servers are down for some reason they want to make another Cisco VPN to the PIX and connect to secondary servers behind PIX. The problem here is that the secondary servers have the same IP address as primary servers. I understand that this is a very bad network design, but at this stage, I cannot do anything else.