I have a 3005 VPN concentrator with multiple dynamic site-to-site VPN connections. The remote sites are 501's. For management purposes I would like to be able to access the remote networks from a VPN client via the 3005. I have remote client VPN set up to the 3005 concentrator but I cannot access the dynamic remote sites.
In my remote 501's I have included my VPN network address in the "no nat" and "crypto" ACLs. From the remote locations I can access all subnets at my main location but cannot access any of the dynamic sites.
Is it possible? Here is a summary.
I want to use a Cisco VPN client to my main hub 3005. Once I am authenticated to the main network I would like to be able to access my remote dynamic site-to-site networks.
Make sure the VPN server (PIX Firewall, Cisco VPN Concentrator or a router) successfully assigns a DNS server IP address to the Cisco VPN Client. To check, issue the ipconfig/all command on your PC after you are connected with the VPN Client.
In the concentrator I am using the Base Group. That is the only way I found to make a dynamic connection work. Because of using the base group I am actually creating a remote session and not a tunnel. Nevertheless I still do not have access from a VPN client to the dynamic network.
What about EZVPN? Will that work from a concentrator to a 501? Seems simple enough.
Further, regarding the design of the network, you mentioned the VPN is dynamic. It means that the remote site needs to initiate the VPN tunnel. So providing a user connects to the concentrator via VPN, this user will not be able to initiate the VPN between the remote site and the concentrator. It will only work providing the VPN between the remote site and the concentrator has already been established.