NAT IP on 3000 Concentrator

wgranada1

Hi everyone, just have a quick question here to make sure I'm thinking right. When you NAT on the Concentrator, your network list on the local side will be the NATTed IP, correct? So, for instance, if my original IP address is:

192.168.30.20

and I do a static NAT of 10.255.140.4

my network list would contain only the NATTed IP address of 10.255.140.4/0.0.0.0

So on the remote end, if I wanted to contact the local end, I would ping 10.255.140.4, the NATTed IP, and not the original IP of 192.168.30.20, right?

If the above is true and the remote end tries to ping 10.255.140.4 but cannot, then the issue is on their end, not mine, correct?

brettmilborrow

Your assumption is correct in terms of the NAT, but not necessarily for the ping failure. You should check that there is an IPsec SA for 10.255.140.X to their remote network (look under "Administration -> Administer Sessions" to see if an SA exists and how many packets have been encrypted and decrypted for the SA).

This should help point out where the issue may be.

Thanks for the info but I looked under Administration -> Administer sessions and I don't see any SAs that you are talking about.

I have a 3000 Concentrator, and when I go to that section all I see is Sessions Summary, NAC Sessions Summary, LAN-to-LAN Sessions and Remote Access. I've looked at all of them and don't see any SAs. Am I looking in the right place?

You are looking in the right place. Remember, the tunnel must be up for this to show up. Try to connect to the remote network, then look under LAN-to-LAN Sessions; you should see the connection name specified in the configuration section for the tunnel to the remote site.

The connection name should be a link. If you click on the link, you should see information about the tunnel; this is where you need to look for the specific SA for the networks.
