Access computer behind Cisco ASA5505 using Easy VPN connection.

We have a remote user that is set up with Easy VPN on a Cisco ASA 5505 so that they are VPN'd into our main company router (this eliminates the need to use the cisco VPN client every time they want to get e-mail, etc.).   The firewall at our main office is also an ASA 5505.  

A couple of items to note about this user:  The user is behind a comcast modem/router with the ASA 5505 behind it.  This means that the cisco gets an outside interface of whatever DHCP is handing out from the Comcast router (which happens to be 192.168.1.69).  When this was first set up, we forwarded port 443 from the Comcast router to the Cisco so we could access the ASDM remotely.   The inside interface of the Cisco hands out 192.168.16.x addresses via DHCP.  The Cisco inside interface is 192.168.16.1.  When the easy vpn connection connects to our main office, it gets an IP address from the DHCP server there.

We would like to be able to access a computer through RDP (tcp port 3389) behind that Cisco (192.168.16.8) from the central office.  However, Easy VPN does not allow you to view and connect to computers on the inside interface like a site to site VPN would allow (which I've also tried setting up, but when the two sites get connected, no data flows through as a result of the comcast router).  Is there any way to gain access to that company computer at the remote site (192.168.16.8) through the easy vpn connection using Remote Desktop?  We do have access to the ASDM of the remote Cisco, but do not have access to the comcast firewall.

Thank you
LVL 2
OAC TechnologyProfessional NerdsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ged125Commented:
Something isn't right because the Comcast router should be handing out a public IP address to the pix, not 192.168.1.69 which is a private IP.  Are you sure the cable modem not also acting as a firewall?  It sounds like the modem is doing NAT, which would explain why you can't get a site to site VPN going.
0
OAC TechnologyProfessional NerdsAuthor Commented:
the router that comcast has installed is doing NAT.

the problem is that our client has let this user go, and we need to access some data on it.
0
ged125Commented:
Can you turn off NAT on the Comcast router so that you can get a public IP address on the outside interface of the ASA?
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

OAC TechnologyProfessional NerdsAuthor Commented:
we could, if the user would talk to us.

she is holding the computer hostage and works off site out of her home.
0
ged125Commented:
Sounds like a bad situation. Unfortunately the fact that NAT is running on that router is going to make it impossible to get passed it unless you have help from someone on the other side.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OAC TechnologyProfessional NerdsAuthor Commented:
that's the reason for this post :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.