Problem with IPSec tunnel passing through a NAT device

Discussion in 'Cisco' started by souletg, Mar 23, 2010.

  1. souletg


    Mar 23, 2010

    I'm trying to create an IPSec tunnel passing through a NAT device with use of access-list and NAT.
    Can I do an ASA-to-ASA IPSec tunnel like this?

    ASA_1 <----> NAT Device (router) <----> INTERNET <----> ASA_2

    On the NAT device (router), I created a static translation for the internal ASA, and IPSec traffic has been authorized from the external ASA to the translated address:
    - ISAKMP: UDP 500 / 4500
    - ESP: protocol 50
    - AH: protocol 51

    The VPN tunnel is up and running when I type "show crypto isakmp sa" and "show crypto ipsec sa", but traffic is not working from one side to the other.

    Is it a NAT problem?
    Do I need to turn on NAT traversal?
    On which device?

    Many thanks for your help.
    souletg, Mar 23, 2010
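
Added example, not part of the original post: a Python check over ASA `show crypto ipsec sa` output for the symptom described above (SAs up, no traffic passing). The sample output is constructed, the addresses are placeholders, the function names are hypothetical, and it handles a single SA block.

```python
import re

# Constructed sample of ASA "show crypto ipsec sa" output (not from the post);
# addresses are documentation/private-range placeholders.
SAMPLE = """\
    Crypto map tag: outside_map, seq num: 10, local addr: 192.168.1.2
      current_peer: 198.51.100.20
      #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    inbound esp sas:
      spi: 0x1A2B3C4D (439041101)
         in use settings ={L2L, Tunnel, }
"""

def parse_sa(text):
    """Pull the traffic counters and the NAT-T flag out of one SA block."""
    def counter(name):
        m = re.search(r"#pkts %s:\s*(\d+)" % re.escape(name), text)
        return int(m.group(1)) if m else None
    peer = re.search(r"current_peer:\s*(\S+)", text)
    return {
        "peer": peer.group(1) if peer else None,
        "encaps": counter("encaps"),
        "decaps": counter("decaps"),
        # ASA lists NAT-T-Encaps in "in use settings" when ESP rides in UDP 4500
        "nat_t": "NAT-T-Encaps" in text,
    }

def diagnose(sa):
    """Return short finding codes for the 'SA up, no traffic' symptom."""
    if sa["encaps"] is None or sa["decaps"] is None:
        return ["no_counters"]          # no IPSec SA in the output at all
    findings = []
    if sa["encaps"] == 0:
        findings.append("tx_idle")      # nothing local matched the crypto ACL
    if sa["encaps"] > 0 and sa["decaps"] == 0:
        findings.append("rx_dead")      # we send ESP, nothing valid comes back
    if not sa["nat_t"]:
        findings.append("native_esp")   # protocol 50 on the wire, no UDP wrap
    return findings

if __name__ == "__main__":
    sa = parse_sa(SAMPLE)
    print(sa["peer"], diagnose(sa))
```

Run it against the output from both ASAs: `rx_dead` on both ends together with `native_esp` points at ESP being lost in the path rather than at the crypto ACLs.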