(Somewhat of a novice on ASA Firewalls) I've set up many VPNs using ASDM on the ASA 5505, but in all of those, the endpoints of the tunnels were internal IPs or ranges of IPs on both ends. Now, a company we are trying to set up a VPN tunnel with will not connect to internal private IPs. They gave me a static public IP for us to use as the endpoint on our side, and asked us to NAT our internal IP to this public IP for traffic on port 2004. I set it all up the best I knew how, but I cannot get the VPN to pass traffic. I used the VPN Wizard in the ASA to create the tunnel. I entered their peer IP and local IP (along with the security settings for phase one and two), and entered my local IP (which was the public IP I was given). I finished the wizard and the tunnel is created. I then put in a static NAT rule as follows: Original - Interface: inside, source - (172.16.x.x); Translated - Interface: outside, source - (161.2xx.xxx.xxx) {this is the public IP I was given}; PAT - "enable PAT" is checked; Protocol: TCP, original port: 2004, translated port: 2004.
If I go to Monitoring in the ASA and view that tunnel, it comes up and successfully negotiates Phase One when I get them to try a ping. In Monitoring, it shows Phase Two and I can see the ping packets, as it shows packets RX. But it shows 0 for packets TX. ICMP is enabled, and they can ping my peer IP but not the public IP they assigned me. I'm assuming I have it set up correctly, so when they ping the public IP address that I have NATed to my internal IP address, those packets should be routed from that IP address down to my internal one, and then the internal host replies. Somewhere in that process I have missed something, or I don't completely understand the whole NAT thing.
Any help would be greatly appreciated. The simple problem is a Site-to-Site VPN where my endpoint is a public IP that needs to be NATed to an internal IP for traffic.
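For reference, the arrangement described in the post (an inside host presented to the partner on an assigned public address, with the tunnel's proxy IDs built on that public address) expressed in ASA CLI. This is an added example, not the poster's ASDM-generated configuration. Every address, object name and transform-set name is hypothetical, and the syntax assumes ASA 8.4 or later (object-based NAT and the `ikev1` keyword); on 8.3 the transform-set line drops `ikev1`, and on pre-8.3 code the NAT statements differ entirely.

```cisco
! Added example, not the original poster's configuration.
! Hypothetical addresses: 172.16.1.10 = inside host, 203.0.113.10 = public IP
! assigned by the partner, 198.51.100.1 = partner's VPN peer,
! 198.51.100.0/24 = partner's LAN. Syntax assumes ASA 8.4+.

object network INSIDE_HOST
 host 172.16.1.10
object network ASSIGNED_PUBLIC
 host 203.0.113.10
object network REMOTE_LAN
 subnet 198.51.100.0 255.255.255.0
object service TCP_2004
 service tcp source eq 2004

! Static twice NAT with port translation: 172.16.1.10:2004 is presented to the
! partner as 203.0.113.10:2004. Only TCP/2004 is translated by this rule; an
! ICMP echo to 203.0.113.10 does not match it and is not forwarded to the host.
nat (inside,outside) source static INSIDE_HOST ASSIGNED_PUBLIC destination static REMOTE_LAN REMOTE_LAN service TCP_2004 TCP_2004

! Crypto ACL = phase 2 proxy IDs. The partner's side names 203.0.113.10 as the
! remote network, so the local proxy ID here must be the translated address.
access-list VPN_TO_PARTNER extended permit ip object ASSIGNED_PUBLIC object REMOTE_LAN

crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_PARTNER
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! Checks: the xlate and the phase 2 SA should both show 203.0.113.10.
! show nat detail
! show xlate
! show crypto ipsec sa peer 198.51.100.1
```

The phase 1 pieces (IKE policy, `tunnel-group` with the pre-shared key) are left out because the wizard already creates them. The `destination static REMOTE_LAN REMOTE_LAN` clause is optional; it limits the translation to traffic exchanged with the partner's LAN instead of translating every TCP/2004 flow that leaves the outside interface. When the tunnel counters show RX but no TX, `show crypto ipsec sa` and `show nat detail` are the two places to compare: the decrypted packet's destination must be an address the NAT rule translates, and the reply's translated source must fall inside the crypto ACL, or it never gets encrypted.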