Remote VPN issue with ASA 5510

Posted on 2011-09-07
Last Modified: 2012-05-12
Need a quick answer on this:

I have a Cisco ASA 5510 with many IPsec remote access VPN users connected through Cisco remote software. We send out our .pcf file and have them install the software on their PC/laptop, etc. This seems to work flawlessly for everyone except one particular company. They can connect to the ASA but cannot see anything beyond that.

Their tech is telling me I need to enable: isakmp nat-traversal 20 for it to work, but I don't understand why I should do this when everyone else is perfectly fine.

In case it matters, we also use split-tunnel on the remote VPN connections.

Question by: michaelgoldsmith

Expert Comment

by:Ernie Beek
ID: 36496237
As per:

'nat-traversal' allows a VPN client that's behind a NAT device (router or firewall performing NAT translation) to successfully connect to a PIX via VPN.  NAT-traversal is off by default, so you have to enable it, as you've seen above.  Without nat-traversal, a VPN client that wanted to connect to your PIX would have to have a public IP directly configured on it, such as: a) using a DSL or cable modem connected to your PC, or b) PC connecting via dialup.

Author Comment

ID: 36496480
Makes sense, however I can connect from one of my own remote locations behind an ASA using the remote VPN connection and access the LAN at the other side.

Expert Comment

by:Ernie Beek
ID: 36496714
Just thinking, there is also a NAT option in the client. Might want to have a look at that.
Second, do they have an ASA at the other side?

Author Comment

ID: 36496816
Not sure what the device is on the other side. I can inquire.

Accepted Solution

Ernie Beek earned 500 total points
ID: 36496890
It could be an option. On the other hand, would it hurt to enable the NAT traversal? Are there specific reasons you don't want to implement that?
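
Added example, not part of the original thread: a Python model of the NAT-detection step behind the nat-traversal behaviour quoted in the first expert comment (RFC 3947 NAT-D payloads), showing how the gateway decides between native ESP and ESP carried in UDP/4500. The cookies, addresses, function names and the use of SHA-1 as the negotiated hash are constructed assumptions.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (not from the thread).
CKY_I = bytes.fromhex("0102030405060708")   # initiator cookie
CKY_R = bytes.fromhex("1112131415161718")   # responder cookie
GATEWAY = ("203.0.113.10", 500)             # stands in for the ASA's outside address


def nat_d_hash(ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = CKY_I + CKY_R + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()


def client_nat_d(client_local):
    """Payloads the client sends: remote end first, then its own address."""
    return [nat_d_hash(*GATEWAY), nat_d_hash(*client_local)]


def gateway_verdict(payloads, seen_src, seen_dst=GATEWAY):
    """Gateway recomputes the hashes from the addresses on the received packet."""
    return {
        "gateway_behind_nat": payloads[0] != nat_d_hash(*seen_dst),
        "client_behind_nat": nat_d_hash(*seen_src) not in payloads[1:],
    }


def negotiate(client_local, seen_src, nat_t_enabled=True):
    """Return the ESP transport chosen for the tunnel."""
    if not nat_t_enabled:
        # No NAT-D exchange happens; ESP goes out natively even through PAT.
        return "native ESP (IP protocol 50)"
    verdict = gateway_verdict(client_nat_d(client_local), seen_src)
    if any(verdict.values()):
        return "ESP in UDP/4500"
    return "native ESP (IP protocol 50)"


if __name__ == "__main__":
    direct = ("198.51.100.20", 500)
    print("public client:", negotiate(direct, direct))
    print("PAT client:", negotiate(("192.168.1.50", 500), ("198.51.100.7", 31044)))
    print("PAT client, NAT-T off:",
          negotiate(("192.168.1.50", 500), ("198.51.100.7", 31044), nat_t_enabled=False))
```

With NAT-T off, the PAT case still yields native ESP, which has no port numbers for a PAT device to rewrite, while the IKE exchange on UDP/500 passes through.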
