Because we have to change our currently used (old) IP address on the "Public" interface (move to a different address range), we planned to do a smooth migration by configuring the third, "External" VPN 3000 interface (of course as "Public") with the new IP address. That new IP address can be pinged, but it is not possible to connect to it using VPN. The "Live Event Log" shows absolutely no activity. Are there any known issues with the External interface (Version 3.6.3), or is that impossible to work?
You need to be careful when using the third interface. Even though you can configure the interface to be public, it does not have all the functionality of the public interface. I had this problem using a TCP connection on the external interface. After two days of researching the problem, there was a small blurb on the Cisco site on this. This interface does not support TCP connections. It refuses the connection and will not log the results. Good luck.
We are able to terminate IPSec over UDP clients to the External interface. By default, the External won't receive IPSec/UDP (or, I believe, IPSec/TCP) connections, but the workaround is simple: just create rules (Inbound and Outbound) to accept UDP 10000 (or TCP 10000 for that matter).