We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 557 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


317 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Notable Replies

  1. sims says:

    Hi Rene,

    If i want to create another connection profile , do i need to create another policy in ipsec phase 1 (
    crypto ikev1 policy 10)

    Or is it one time configuration ,( Ipsec phase 1 and Phase 2 ) .
    How to remove the tunnel group and group policy from command line


  2. I have added the below command but am able to connect successfully but I cant access LAN device either through ping, tracert, telnet, ssh etc.

    ASA1(config)# object network LAN  
    ASA1(config-network-object)# subnet
    ASA1(config)# object network VPN_POOL
    ASA1(config-network-object)# subnet

    I wasn't able to configure the below command since am running an 8.2 version. What am I missing?

    ASA1(config)# nat (INSIDE,OUTSIDE) source static LAN LAN destination static VPN_POOL VPN_POOL

  3. Hi Gabriel,

    It is possible. Most devices, including the ASA firewall, support NAT traversal for IPsec.

    Is your public IP addresses NATed 1-to-1 to the private IP address that your ASA uses? If so, give it a shot.


  4. HI

    When the tunnel is brought up on the ASA does it create a logical tunnel interface and assign it an ip address from the vpn pool?

    what show commands could i use to see this interface on the asa ?


Continue the discussion forum.networklessons.com

28 more replies