Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

5505 Strange vpn problem I can only connect if the pc has a WAN IP addess

I have a asa5505 if an outside computer has a wan ip address it will see the computers on the network. If the computer is behind a router (any router) it will connect fine but will not see any computers on the network. All computer on the in the vpn are a 10.1.1.0 network and the connecting computers are on a 192.168.1.0 network. All subnet mask are 255.255.255.0. Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: 5505 Strange vpn problem I can only connect if the pc has a

Add the following command to your ASA.

crypto isakmp nat-traversal

In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t

This will allow users behind pat devices to use nat-t and should solve your problem.

Please rate if it helps.

3 REPLIES
Green

Re: 5505 Strange vpn problem I can only connect if the pc has a

Sounds like a nat-traversal problem. What version is your 5505?

New Member

Re: 5505 Strange vpn problem I can only connect if the pc has a

7.2 (2) is the asa ver and 5.2 (2) is the asdm

Green

Re: 5505 Strange vpn problem I can only connect if the pc has a

Add the following command to your ASA.

crypto isakmp nat-traversal

In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t

This will allow users behind pat devices to use nat-t and should solve your problem.

Please rate if it helps.

109
Views
0
Helpful
3
Replies