Here is the layout. There is a site-to-site VPN established and working fine between Site A and Site B.
It is necessary to access a third-party network in Site C by using a Cisco VPN Client, which is connected to the LAN in Site A, behind the gateway router, as indicated.
The VPN Client PC sends the initial request to the router in Site C, but the response is intercepted by the router in Site A, and it never reaches the VPN Client. I assume that the router tries to look for an SA, but as it doesn't find any, it discards the packet. How can I configure the router to permit this packet to go through the router (NAT) and reach the internal PC?
Re: CISCO VPN CLIENT BEHIND A SITE-TO-SITE VPN ROUTER
You need to use a different IP for your user sessions than you use for your L2L sessions. If you don't have multiple IPs you have to change the VPN technology. For the client connection that could be AnyConnect SSL or, for example, IPSec over TCP if you have to use the legacy VPN client.
If you would be so kind, I'll need some further references to links explaining the alternatives: for instance, I cannot figure out how two different IP addresses could help. Maybe I can guess somewhat about running IPSec over TCP, and I am looking into whether we could get the Site C organization to configure it this way for us.
Thanks a lot, and I'll appreciate further references.
A bit late to the party, but if you haven't resolved your issue, the problem is most likely your NAT. If you're overloading all outbound traffic to the same IP address that your site-to-site traffic is built to, then your router is going to think that the IPSEC traffic is coming to it, not to your inside client. You will need to NAT your traffic to a different IP address. I would give the client machine a different static NAT to get around this - or change your overload NAT so that it's a different IP than your VPN.
Example. If all your site A traffic is using 18.104.22.168 and your VPN tunnels are also built to 22.214.171.124, then change one of them to 126.96.36.199, or give your one workstation a static NAT of 188.8.131.52 so that the router can differentiate.
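The static-NAT approach suggested in the reply above, sketched as Cisco IOS configuration; this is an added example, not configuration posted by anyone in the thread. All addresses, interface names, ACL names and the route-map name are constructed placeholders, and it assumes the ISP routes a second public address (203.0.113.11) to the Site A router.

```cisco
! Constructed example. Assumed values (none come from the thread):
!   GigabitEthernet0/0 = WAN, GigabitEthernet0/1 = LAN
!   203.0.113.10 = WAN address and site-to-site tunnel endpoint
!   203.0.113.11 = second public address, used only for the VPN client PC
!   192.168.1.50 = PC running the Cisco VPN Client
!   192.168.1.0/24 = Site A LAN, 192.168.2.0/24 = Site B LAN
!
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Existing behaviour: every inside host is overloaded onto the same address
! the site-to-site tunnel terminates on, so IPsec replies from Site C arrive
! addressed to the router itself. Site B traffic is exempted from NAT.
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT-OVERLOAD interface GigabitEthernet0/0 overload
!
! Change: give the VPN client PC its own one-to-one translation, so replies
! from Site C are addressed to 203.0.113.11 and are translated to the PC
! instead of being handled by the router's own crypto process.
! The route-map keeps the PC's traffic to Site B untranslated so it still
! matches the site-to-site crypto ACL.
ip access-list extended PC-STATIC-NAT
 deny   ip host 192.168.1.50 192.168.2.0 0.0.0.255
 permit ip host 192.168.1.50 any
route-map PC-STATIC-NAT permit 10
 match ip address PC-STATIC-NAT
ip nat inside source static 192.168.1.50 203.0.113.11 route-map PC-STATIC-NAT
```

After the client connects, `show ip nat translations` should list the PC's session under 203.0.113.11, and `show crypto isakmp sa` on the Site A router should still show only the Site B peer.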