1) Prior to version 3.6 Rel of the VPN 3000, it supports NAT, called Interface NAT (actually many-to-one PAT). This allows private network addresses to be PATed with the public IP address of the VPN 3000 for traffic destined for the "public network". This NAT type is not used for traffic across a LAN-to-LAN tunnel.
You must still explicitly allow "portless/ICMP", FTP and UDP on the NAT interface by assigning these rules to the public interface filter. Ping worked for you because ICMP/IN and ICMP/Out rules are assigned to the public interface by default. Add the FTP and UDP rules and this should work.
2) With Rel 3.6, besides Interface NAT, we also added "NAT over LAN-to-LAN". This is used when you have overlapping or same IP networks at multiple sites.
1) I *think* I have already tried this. Here are my rules:
10.1.64.0/21 on Ethernet 2 (Public) (no port mapping)
10.1.64.0/21 on Ethernet 2 (Public) (map TCP/UDP)
10.1.64.0/21 on Ethernet 2 (Public) (FTP Proxy)
I've also tried having the TCP and the UDP in separate rules. Do these rules need to be in any order?
We have a number of VPNs set up on this already, all on the 10.x.x.x range. I just want to enable NAT out to the internet so internal machines can surf out. (I have DNS etc etc all working fine because I have our real firewall here to try it out). I'm actually trying to get this going for a small office of our company who will just have this Cisco plugged in for both VPN to head office and for surfing/firewall etc etc... which is why we want to NAT to the internet (or PAT or whatever it is). Ideas?
2) Is Rel 3.6 just a firmware update that I can apply to my Cisco? Will this erase all my customizations for existing VPNs etc? I have about 7 VPNs going like a bought one.