At our office we have a Cisco router which is also configured as a VPN router.
Everything works fine for most customers, except for one. He can connect successfully without problems, but cannot reach anything in our network (no ping, no RDP, no file sharing, etc.).
We think the problem lies in NAT, so in the Cisco client there is an option "transparent tunneling"; thinking that would solve our problem, we tried to enable it. Without any success: with that option enabled we cannot even connect (from that one customer, and ourselves as a test).
What do we need to do to enable this option?
Below is my config:
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
logging message-counter syslog
no logging monitor
enable secret 5 xxxxxxxxxxxxxxxxxxx
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.50
IOS software has transparent tunneling always on. Once the VPN Client trying to connect has this option checked, it will be used IF there is any device NATting in the path between the router and the client. This means the packets will have an extra encapsulation (UDP 4500) before being encrypted.
What may be happening is that ISPs in the path may block these well-known ports (UDP 500, UDP 4500) and well-known protocols.
What I would suggest is to enable a feature called IPsec over TCP.
1. In the IOS, you can enter "crypto ctcp port 10000"
2. In the VPN Client, select the connection. Click Modify, go to the 'Transport' tab and select IPsec over TCP (the default port is already 10000, but if not, change it to that).
This command does not prevent VPN from working on the default UDP port 500. It just adds another option for connecting clients (that may be blocked on default ports by the ISPs).
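The following is an added illustration, not code from the thread or from Cisco: it models how a peer decides whether a NAT sits in the path (the RFC 3947 NAT-D check: each side hashes the IKE cookies plus the address and port it believes it is using, and the receiver recomputes the hash over what it actually saw in the outer header) and then maps the three client transport settings from the answer above (native ESP, transparent tunneling over UDP 4500, IPsec over TCP with `crypto ctcp port`) onto the outcomes the thread describes. The cookies and addresses are constructed sample values, SHA-1 is assumed as the negotiated IKE hash, and the NAT is assumed not to pass raw ESP (the hypothesis behind the customer's "connected but nothing reachable" symptom).

```python
"""NAT-T detection and transport selection for a Cisco-style remote-access IPsec client.

Added example (not part of the thread). The NAT-D hash follows RFC 3947 section 3.2:
HASH(CKY-I | CKY-R | IP | Port), with SHA-1 assumed as the IKE hash. The transport
table mirrors the behaviour the answer describes; it is a model, not IOS code.
"""
import hashlib
import ipaddress
import struct

IKE_UDP, NAT_T_UDP, ESP_PROTO = 500, 4500, 50


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 NAT-D payload value over the given address/port (SHA-1 assumed)."""
    packed = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(packed).digest()


def nat_in_path(cky_i, cky_r, sent_ip, sent_port, observed_ip, observed_port):
    """The sender hashes the address/port it believes it uses; the receiver hashes
    what arrived in the outer IP/UDP header. A mismatch means a NAT rewrote them."""
    return (nat_d_hash(cky_i, cky_r, sent_ip, sent_port)
            != nat_d_hash(cky_i, cky_r, observed_ip, observed_port))


def select_transport(client_transport, nat_present, blocked,
                     router_ctcp_port=None, client_tcp_port=10000):
    """Return (outcome, reason) for one client setting under the given path conditions.

    client_transport: 'native' (no transparent tunneling), 'udp' (transparent
    tunneling, i.e. NAT-T on UDP 4500) or 'tcp' (IPsec over TCP).
    blocked: set of ('udp', port) / ('tcp', port) / ('ip', protocol) the path drops.
    Assumption: the NAT has no IPsec passthrough, so untranslated ESP is lost.
    """
    if client_transport == "tcp":
        if router_ctcp_port is None:
            return "fail", "router has no 'crypto ctcp port' configured"
        if router_ctcp_port != client_tcp_port:
            return "fail", f"client TCP port {client_tcp_port} != router cTCP port {router_ctcp_port}"
        if ("tcp", client_tcp_port) in blocked:
            return "fail", f"TCP/{client_tcp_port} blocked in path"
        return "ok", f"IKE and ESP carried inside TCP/{client_tcp_port}; NAT in path is irrelevant"
    if ("udp", IKE_UDP) in blocked:
        return "fail", "IKE on UDP/500 blocked: tunnel cannot even be negotiated"
    if client_transport == "udp" and nat_present:
        # NAT-T is only used once NAT-D shows a NAT; then IKE floats to 4500 and ESP is UDP-wrapped
        if ("udp", NAT_T_UDP) in blocked:
            return "fail", "NAT detected but UDP/4500 (NAT-T) blocked: tunnel never comes up"
        return "ok", "NAT detected: IKE floats to UDP/4500 and ESP is UDP-encapsulated"
    if ("ip", ESP_PROTO) in blocked or nat_present:
        return "half", "IKE succeeds (client shows connected) but raw ESP is dropped: no ping/RDP/SMB"
    return "ok", "IKE on UDP/500, ESP as IP protocol 50 (no NAT, nothing blocked)"


if __name__ == "__main__":
    # Constructed sample IKE cookies and addresses (not captured values).
    cky_i, cky_r = bytes.fromhex("0123456789abcdef"), bytes.fromhex("fedcba9876543210")
    behind_nat = nat_in_path(cky_i, cky_r, "192.168.1.20", 500, "203.0.113.7", 500)
    print("NAT detected:", behind_nat)
    for label, transport, blocked, ctcp in [
        ("customer today (native)", "native", set(), None),
        ("transparent tunneling, ISP drops 4500", "udp", {("udp", NAT_T_UDP)}, None),
        ("IPsec over TCP after 'crypto ctcp port 10000'", "tcp", {("udp", NAT_T_UDP)}, 10000),
    ]:
        print(f"{label:50} -> {select_transport(transport, behind_nat, blocked, ctcp)}")
```

Running the script walks through the three situations in the thread: the customer's current setting negotiates IKE but loses ESP behind the NAT, transparent tunneling fails outright if the ISP drops UDP 4500, and IPsec over TCP on port 10000 works once the router has `crypto ctcp port 10000` and the client is set to the same port.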