Cisco ASA 5505 site to site VPN problem


(Somewhat of a novice on ASA Firewalls) I've set up many VPNs using ASDM on the ASA 5505, but in all of those the endpoints of the tunnels were internal IPs or ranges of IPs on both ends. Now, a company we are trying to set up a VPN tunnel with will not connect to internal private IPs. They gave me a static public IP for us to use as the endpoint of our side, and then for us to NAT our internal IP for traffic on port 2004 to this public IP. I set it all up the best I knew how, but I cannot get the VPN to pass traffic. I used the VPN Wizard in the ASA to create the tunnel. I entered their peer IP and local IP (along with the security settings for phase one and two), entered my local IP (which was the public IP I was given), finished the wizard, and the tunnel is created. I then put in a static NAT rule as follows: Original - Interface: inside, source - (172.16.x.x); Translated - Interface: outside, source - (161.2xx.xxx.xxx) {this is the public IP I was given}; PAT - "Enable PAT" is checked; Protocol: TCP, original port: 2004, translated port: 2004.

If I go to Monitoring in the ASA and view that tunnel, it comes up and successfully negotiates Phase One when I get them to try a ping. And in Monitoring, it shows Phase Two and I can see the ping packets, as it shows packets RX. But it shows 0 for packets TX. ICMP is enabled and they can ping my peer IP but not the public IP they assigned me. I'm assuming I have it correctly set up, so when they ping the public IP address that I have NATed to my internal IP address, those packets should be routed from that IP address down to my internal one and then the internal one replies. Somewhere in that process I have missed something, or I don't completely understand the whole NAT thing.

Any help would be greatly appreciated. The simple problem is a Site to Site VPN where my endpoint is a public IP that needs to be NATed to an internal IP for traffic.
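For readers troubleshooting the same setup, here is an added example of how the two pieces described above (a port-specific static translation to a peer-assigned public address, plus a crypto ACL written against that address) fit together in ASA CLI. It is not the poster's configuration and assumes ASA 8.3-or-later NAT syntax; every address is a documentation placeholder (172.16.1.10 for the inside host, 203.0.113.10 for the public address the peer assigned, 198.51.100.1 for the peer gateway, 192.0.2.0/24 for the peer's encryption domain), and the object and ACL names are invented. The verification commands at the end are standard ASA show/packet-tracer commands.

```cisco
! Added example, not the poster's running config. ASA 8.3+ syntax assumed.
! Placeholders: 172.16.1.10 = inside host, 203.0.113.10 = public address
! assigned by the peer, 198.51.100.1 = peer gateway, 192.0.2.0/24 = peer
! encryption domain. SRV-2004 / OUTSIDE_CRYPTOMAP are invented names.

! 1. Static translation of the inside host to the peer-assigned public
!    address, restricted to TCP/2004 (what "Enable PAT" + protocol/port
!    produces in ASDM). Note what this does NOT cover: ICMP to
!    203.0.113.10 has no translation entry, so a ping from the peer to
!    the public address will be decrypted (RX counts up) but has no
!    inside host to reach; only TCP/2004 is mapped.
object network SRV-2004
 host 172.16.1.10
 nat (inside,outside) static 203.0.113.10 service tcp 2004 2004

! 2. Interesting traffic for the tunnel is defined on the post-NAT
!    address. If the crypto ACL named 172.16.1.10 instead, the replies
!    (sourced from 203.0.113.10 after translation) would never match the
!    crypto map and TX would stay at 0.
access-list OUTSIDE_CRYPTOMAP extended permit ip host 203.0.113.10 192.0.2.0 255.255.255.0

! 3. Caveat: a broader NAT-exempt / identity rule (e.g. 172.16.0.0/16 to
!    192.0.2.0/24) placed above the object rule wins first-match, so the
!    host would leave untranslated and miss the crypto ACL. Check order
!    with "show nat".

! Verification (run on the ASA):
show crypto ipsec sa peer 198.51.100.1
!   -> #pkts encaps / #pkts decaps: decaps > 0 with encaps = 0 matches
!      the "RX but no TX" symptom.
show nat detail
!   -> translate_hits / untranslate_hits on the SRV-2004 rule show
!      whether inbound TCP/2004 is actually being untranslated.
packet-tracer input outside tcp 192.0.2.50 12345 203.0.113.10 2004
!   -> walks a simulated peer connection through UN-NAT, ACL and VPN
!      phases and names the phase that drops it.
packet-tracer input outside icmp 192.0.2.50 8 0 203.0.113.10
!   -> same for a ping; expected to fail at NAT/route with the
!      port-specific rule above, which is why "can't ping the public IP"
!      alone does not mean the TCP/2004 path is broken.
```

The useful test of this design is the TCP/2004 connection itself rather than ICMP: with a port-restricted static translation, ping to the public address is expected to fail even when the tunnel and the TCP mapping are both correct, so the counters from `show crypto ipsec sa` and `show nat detail` are the reliable indicators.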
