Cisco ASA - Initiate a VPN from a cisco router on the local LAN behind ASA?

We currently have an ASA with site to site VPN and anyconnect VPN being utilized. We received a third party  cisco router which will  be used to initiate their own site to site VPN from inside our local LAN to their LAN through our ASA.

1. What we would like to know is if the following ports listed below would interfere with ports for site to site VPN and anyconnect VPN?

2. Would NAT Traversal be required on our ASA? 5540(config)#crypto isakmp nat-traversal

- allow access from xxxxx on TCP Port 22

               - allow access from xxxxx - protocol 1

              - allow access to xxxxx on UDP Port 500, also add UDP 4500 for NAT-T

               - allow access to/from xxxxx - protocol 50

Certificate port:
               - allow access to/from xxxxx  on TCP port 8080

NTP port:
               - allow access to/from xxxxx on UDP port 123
First LastAsked:
Who is Participating?
Ernie BeekExpertCommented:
1. You would need a dedicated public ip (1:1 static NAT) for the router to let ESP through (and ISAKMP) to that router.
2. From the top of my head: NAT-T would be required if the ASA itself was setting a VPN up through a NAT device. So it shouldn't be necessary in this case.
First LastAuthor Commented:
Thanks - That is what i've been reading too. I had the 3rd party company take their router back. Instead they are going to do a site to site vpn with us! Thankfully this is VERY simple because they are using Cisco ASA's too!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.