Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
3
Replies

can you create a site to site tunnel behind a nat router using ASA

carl_townshend
Spotlight
Spotlight

‎09-27-2013 12:45 AM - edited ‎03-04-2019 09:09 PM

Hi all

We have an ADSL router with the public IP on that, behind this we have an ASA firewall

Is it possible to create a site to site tunnel if I NAT the correct ports to the ASA ? if so what ports would I need to NAT, GRE / ISAKMP, UDP500 etc ?

cheers

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎09-27-2013 01:59 AM

yes, that can be done. But first you should check if you can change the dsl-router to modem-mode where you have the public IP directly on the ASA. That would make things more easy.

If it is not possible, then you have to forward UDP/500 and UDP/4500 to the ASA to make IPSec work. Or for more flexibility in later changes configure the ASA as an "exposed host" on the DSL-router to which all traffic is forwarded that enters your network.


Sent from Cisco Technical Support iPad App

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to Karsten Iwen

‎09-27-2013 03:36 AM

by exposed host do you mean to do a direct nat for everything to the ASA ?

0 Helpful

Karsten Iwen
VIP
VIP
In response to carl_townshend

‎09-27-2013 03:41 AM

yes, thats the term that is often used in smaller dsl-routers.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card