My company has 2 sites, each configured with a Cisco ASA 5510 with VPN. Originally site A's firewall is configured with only IPsec pass-through, while site B is configured with both IPsec pass-through and NAT traversal. Users at site B could VPN into site A but were unable to access any resources at A. However, from my home I could VPN into site A and access network resources within site A. I then added NAT traversal to the site A firewall to resolve the problem. Why is this so? Can someone also explain the difference between NAT traversal and IPsec pass-through? Thanks in advance.
IPsec pass-through and NAT-T are two different things; same family but different purposes, so keep them separate to avoid getting confused.
IPsec pass-through, besides the inspection engine (which is another topic), opens up the IPsec VPN ports. In earlier PIX versions, 6.x or below, you had to open up the specific IPsec ports by access list instead, so that your inside users could VPN outbound to other VPN gateways. In ASA 7.x and above you no longer need ACLs to accomplish this; inspect ipsec-pass-through does it.
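As an added illustration (not configuration from the thread, and not taken from a Cisco document), here is how the two features described above are typically enabled on a PIX/ASA. The interface name, policy-map names and the address 203.0.113.10 are assumed placeholder values.

```cisco
! Added illustration; not configuration from the thread or from Cisco docs.
! 203.0.113.10 is an assumed documentation-range address for the outside
! interface; "outside" and "global_policy" are assumed (default) names.

! --- PIX 6.x and earlier: open the IPsec ports explicitly with an ACL ---
! ISAKMP (UDP/500), NAT-T (UDP/4500) and ESP (IP protocol 50) returning
! to inside users who VPN out to other gateways had to be permitted inbound.
access-list outside_access_in permit udp any host 203.0.113.10 eq isakmp
access-list outside_access_in permit udp any host 203.0.113.10 eq 4500
access-list outside_access_in permit esp any host 203.0.113.10
access-group outside_access_in in interface outside

! --- ASA 7.x and later: IPsec pass-through inspection replaces the ACL ---
! The inspection engine watches the ISAKMP exchange and dynamically permits
! the matching ESP/AH flows for inside users tunnelling through the ASA.
policy-map global_policy
 class inspection_default
  inspect ipsec-pass-thru
service-policy global_policy global

! --- NAT traversal on the ASA as a VPN endpoint (the site A fix) ---
! NAT-T lets the IKE peers detect an intervening NAT and switch ESP to
! UDP/4500 encapsulation, which PAT devices can translate; 20 is the
! keepalive interval in seconds.
crypto isakmp nat-traversal 20

! Verification (show commands assumed useful; output not reproduced here)
! show service-policy inspect ipsec-pass-thru
! show crypto isakmp sa
```

The pass-through inspection and the ACL only matter for hosts tunnelling through the ASA; NAT-T is what an ASA terminating the tunnel itself needs when a peer sits behind a NAT device.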