I was wondering if anyone could help point me in the right direction with the following problem.
I have been trying to connect to the VPNs of several companies (that I support) from home. They have the same devices as me, which is a PIX 501 firewall behind a Cisco 827 ADSL router.
I only have a single public IP, which is on the router, and the router is performing NAT. The PIX is not performing any NAT. I have allowed all TCP, UDP and IP protocols out of my firewall, and I have allowed only ESP, ISAKMP and pcAnywhere DATA and STATUS back in, as I want to be able to use pcAnywhere to control the servers.
The problem I have is that I can talk to the remote PIX using the Cisco VPN client and it establishes the VPN tunnel. I get an IP address for the VPN client but I cannot connect to the server.
I have done some debugs on the Router and can see that the router is sending packets to the destination firewall but not getting a reply. I can also see that the VPN client is encrypting packets. But I get no replies.
Also, if I dial up to my ISP directly using a modem and connect to my client's VPN, I can see the server and use pcAnywhere. It's just a problem if I go through my PIX and router.
Is what I am trying to do possible? Any suggestions would be gratefully appreciated.
I have managed to fix this! For anyone who is interested, I needed to have a static mapping NAT translation on my Cisco router, as the router didn't seem to know what to do with the packets once they had returned.
If anyone wants to do more than one connection out, you will need several public IPs and a static NAT mapping for each client.
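The mechanism behind the fix described above, as an added example that is not part of the original posts and is not Cisco IOS code: a simplified model of a port-translating NAT router, showing why ISAKMP replies find their way back while ESP replies do not until a static mapping exists, and why a second client needs its own public address. The class, function names and all addresses are constructed for illustration, and the model assumes the router keeps no state for port-less protocols.

```python
from dataclasses import dataclass, field

UDP, ESP = 17, 50  # IP protocol numbers; ESP carries no port field

@dataclass
class NatRouter:
    """Simplified port-translating NAT (constructed model, not IOS behaviour)."""
    public_ip: str
    dynamic: dict = field(default_factory=dict)  # (proto, pub_ip, pub_port) -> (inside_ip, port)
    static: dict = field(default_factory=dict)   # (proto, pub_ip) -> inside_ip
    next_port: int = 1024

    def add_static(self, proto, inside_ip, public_ip):
        if (proto, public_ip) in self.static:
            raise ValueError("public address already mapped for this protocol")
        self.static[(proto, public_ip)] = inside_ip

    def outbound(self, proto, inside_ip, src_port=None):
        """Rewrite the source of an outgoing packet; return (pub_ip, pub_port)."""
        for (p, pub), host in self.static.items():
            if (p, host) == (proto, inside_ip):
                return pub, src_port
        if src_port is None:  # assumption: port-less packet leaves, no state kept
            return self.public_ip, None
        self.next_port += 1
        self.dynamic[(proto, self.public_ip, self.next_port)] = (inside_ip, src_port)
        return self.public_ip, self.next_port

    def inbound(self, proto, public_ip, dst_port=None):
        """Return the inside (ip, port) a reply is delivered to, or None if dropped."""
        hit = self.dynamic.get((proto, public_ip, dst_port))
        if hit:
            return hit
        host = self.static.get((proto, public_ip))
        return (host, dst_port) if host else None

def trace(client="192.168.1.10", second="192.168.1.11"):
    """Replay the thread's scenario with constructed addresses."""
    r = NatRouter("203.0.113.1")
    ike = r.inbound(UDP, *r.outbound(UDP, client, 500))    # ISAKMP reply matches PAT entry
    esp_before = r.inbound(ESP, *r.outbound(ESP, client))  # no entry: reply dropped
    r.add_static(ESP, client, "203.0.113.1")
    esp_after = r.inbound(ESP, *r.outbound(ESP, client))   # static mapping delivers it
    try:
        r.add_static(ESP, second, "203.0.113.1")           # same public IP: conflict
        second_ok = True
    except ValueError:
        second_ok = False
    r.add_static(ESP, second, "203.0.113.2")               # needs its own public IP
    return ike, esp_before, esp_after, second_ok, r.inbound(ESP, "203.0.113.2")
```
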