Cisco Support Community
Community Member

Remote Access VPN with Router and ASA , with one public IP

Hi,

I am setting up a VPN remote access solution with an ADSL modem, a 1720 router and an ASA. I only have one fixed IP address on the Dialer interface of the router, and behind the router I am using RFC1918 addresses. The outside interface of the ASA also has an RFC1918 address. My big question:

How do I set up the router config so that udp_500 and udp_4500 get forwarded to the outside interface of the ASA, and the VPN tunnel is finally terminated at the ASA? I know I have to disable NAT on the ASA, nat (inside) 0 access-list ... for traffic that is supposed to be tunneled and not translated.

And I think I have to nat the destination from the public ip address to the internal RFC1918 address from the outside interface.

BUT ... it does not work. I could not find an example where the actual NAT config of the router is described, and maybe nobody ever does it or it is too simple... I don't know.

Thanks for helping.

cheers

Yves

3 REPLIES
Gold

Re: Remote Access VPN with Router and ASA , with one public IP

You need to configure port forwarding on the 1720 router.

If you have the following scenario:

Internet---router Public IP---router Private IP ----ASA private IP

You need to configure port forwarding for UDP port 500 (IKE) and UDP port 4500 (port for encapsulation for NAT traversal):

ip nat inside source static UDP privateIP_ASA 500 PublicIP_router 500
ip nat inside source static UDP privateIP_ASA 4500 PublicIP_router 4500

and

On the router's Public interface:

ip nat outside

On the router's Public interface:

ip nat inside

M.

Hope that helps. Rate if it does.
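The router-side NAT for the port-forwarding approach in the reply above, written out as a complete fragment. This is an added example, not part of the original thread; the interface names, 203.0.113.10 (the router's fixed public IP), 192.168.1.1 (router LAN address) and 192.168.1.2 (ASA outside interface) are assumed placeholders.

```cisco
! Added example. Interface names and all addresses are assumed placeholders.
! 203.0.113.10 = fixed public IP on the Dialer, 192.168.1.2 = ASA outside interface.
!
interface Dialer1
 description WAN side, holds the single public IP
 ip address negotiated
 ip nat outside
!
interface FastEthernet0
 description LAN side, faces the ASA outside interface
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Forward only IKE (UDP 500) and NAT-T (UDP 4500) to the ASA.
! No other inbound port is mapped, so nothing else behind the router is exposed.
ip nat inside source static udp 192.168.1.2 500 203.0.113.10 500
ip nat inside source static udp 192.168.1.2 4500 203.0.113.10 4500
!
! Ordinary outbound PAT for the RFC1918 segment (assumed to be wanted as well).
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface Dialer1 overload
!
! ---- On the ASA (7.x/8.x syntax) ----
! ESP (IP protocol 50) has no ports and cannot be forwarded this way, so the
! tunnel only works when both ends encapsulate in UDP 4500. Enable NAT-T:
crypto isakmp nat-traversal 20
!
! ---- Checks ----
! Router: show ip nat translations   (both static UDP entries should be listed)
! ASA:    show crypto isakmp sa      (peer should reach an established state)
```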

Community Member

Re: Remote Access VPN with Router and ASA , with one public IP

Thanks, it works.

Community Member

Re: Remote Access VPN with Router and ASA , with one public IP

I do this same thing, however I have set up a bridge between the atm0/0 and my f0/0. So the router has no IP associated with it and you put DHCP on the outside interface of the ASA.

int atm0/0
 bridge-group 1
int f0/0
 bridge-group 1
bridge irb
bridge 1 protocol ieee
bridge 1 route ip

Then on your ASA set DHCP on the outside interface.

If you have PPPoE, the ASA does not support that.
