I have a new ASA5505 firewall; its outside interface is 192.168.255.1. In front of it, there is a Cisco router whose outside interface is 220.x.x.x and whose internal interface is 192.168.255.254. Now I have configured the VPN for client remote access on the 5505, and I set a NAT on the router to map one of my spare public addresses, 220.x.x.24, to 192.168.255.1. However, I received an error message "The remote peer is no longer responding" when I try to connect with the VPN client.
Could someone assist and let me know what I missed?
The symptom of this problem is that the Linux Client seems to try to connect, but it never gets a response from the gateway device. The Linux OS has a built-in firewall (ipchains) that blocks UDP port 500, UDP port 1000, and Encapsulating Security Payload (ESP) packets. Since the firewall is on by default, you either have to disable the firewall or open up the ports for IPsec communication for both inbound and outbound connections to fix the problem.