
IPSEC VPN Client with NATed Router

Hi,

I have a Cisco ASA firewall that has a private IP address on the internet interface, which is connected to the router. That router has the SDSL connection and has a WAN IP address with a /29 subnet.

I have added a static NAT with one of the available public IP addresses.

For constructing site-to-site VPNs or remote access VPNs, do I need some more NAT-related commands, like NAT traversal, IPSEC over TCP, UDP encapsulation, etc. on the router / firewall? If yes, then what commands are needed and where should they be implemented?

Your help will be highly appreciated.

2 REPLIES

Re: IPSEC VPN Client with NATed Router

You only need those commands when a device does not understand or support VPN pass-thru - typically remote users' home ADSL modems.

If you have an ACL on the router, you just need to allow thru:

IKE - UDP 500

IPSEC - Protocol 50

The rest will take care of itself.

If you enable NAT-T, this will use UDP 4500 for the IPSEC UDP encapsulation.

HTH

Re: IPSEC VPN Client with NATed Router

In addition to Andrew's comments, you may need a static NAT on the router to NAT a public IP to the external IP address of the ASA. It sounds like it's already in place though.
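
The router-side pieces both replies describe (the static NAT to the ASA and the ACL entries for IKE, ESP and NAT-T), as an added IOS configuration sketch that is not from the original thread. The addresses, ACL name and interface names are constructed placeholders.

```ios
! Constructed values (assumptions, not from the thread):
!   203.0.113.2  = spare public address from the router's /29
!   192.168.1.2  = ASA outside interface (private address)
!   WAN-IN, Serial0/0, FastEthernet0/0 = hypothetical names
!
! One-to-one static NAT: the public address maps to the ASA outside interface.
ip nat inside source static 192.168.1.2 203.0.113.2
!
! Entries to add to the inbound ACL on the WAN interface.
! IOS checks the inbound ACL before the outside-to-inside translation,
! so the entries match the public address, not the ASA's private one.
ip access-list extended WAN-IN
 remark IKE - UDP 500
 permit udp any host 203.0.113.2 eq isakmp
 remark IPSEC - IP protocol 50 (ESP)
 permit esp any host 203.0.113.2
 remark NAT-T - UDP 4500, only used when NAT-T is enabled
 permit udp any host 203.0.113.2 eq non500-isakmp
!
interface Serial0/0
 description WAN side (SDSL)
 ip nat outside
 ip access-group WAN-IN in
!
interface FastEthernet0/0
 description Link to ASA outside interface
 ip nat inside
```

For site-to-site tunnels with known peers, replace `any` with the peer's address so only that peer can reach the ASA's VPN ports; remote access clients generally need `any`.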
