I have a Cisco 851 that is connected to an ASA box. I don't have access to the ASA (outsourced company) but the 851 is local. They initially wanted to run private IPs on the switching side but we told them that's not the standard for our company. So we came up with an option just to allow their tunnel IP through our firewall (IPsec ports only) to connect to the 851. Then use the same interface to connect to the server they need.
I'm only using the fa4 (WAN) interface on the 851 with public addressing on both sides.
I can initiate the tunnel and it comes up but can't get any data back. When we test with private addressing on vlan 1 the end user can pass data.
E.g. (not real addressing):
851 = 18.104.22.168 (fa4)
ASA = 22.214.171.124
local server = 126.96.36.199
remote server = 10.10.10.10
When the end user tries to send traffic to 188.8.131.52 (local server) it doesn't hit the tunnel; it tries to go over the internet.
Any ideas? Do I need to use one public address on vlan 1 and one on fa4 in order for this to work? He says their crypto map is dynamic so the info should hit the tunnel.