Problem with IPSec tunnel passing through a NAT device

Discussion in 'Cisco' started by souletg, Mar 23, 2010.

  1. souletg

    souletg

    Joined:
    Mar 23, 2010
    Messages:
    1
    Likes Received:
    0
    Hi,

    I'm trying to create an IPSec tunnel passing through a NAT device with use of access-list and NAT.
    Can I do a ASA to ASA IPSsec tunnel like this?

    ASA_1 <----> NAT Device (router) <----> INTERNET <----> ASA_2

    On the NAT Device (router), I create a static translation for the internal ASA and IPSec traffic has been authorized from the external ASA to the translated address.
    - ISAKMP : udp 500 / 4500
    - ESP : protocol 50
    - AH : protocol 51

    VPN tunnel is up and running when I type "show crypto isakmp sa" and "show crypto ipsec sa" but traffic is not working from one side to the other side.

    Is it a NAT problem ?
    Do I need to turn on NAT traversal ?
    On which device ?

    Many thanks for your help.
     
    souletg, Mar 23, 2010
    #1

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Termination of an IPSec VPN tunnel and a GRE Tunnel on one physical interface.

  2. Split Tunnel Blocks http through tunnel but passes http around tunnel

  3. Running an ipsec tunnel through an IOS access-list

  4. One IPsec tunnel and no ISAKMP tunnel.

  5. VPN tunnel seems fine but no traffic is passing through it.

  6. connecting a Nortel Contivity VPN device to a Cisco PIX Firewall in IPSEC tunnel mode

  7. site to site IPSEC Tunnel question problem with NAT T

  8. Cisco VPN clients not passing traffic after new PTP IPSec tunnel is up

Loading...