I am a novice at Cisco hardware and have been trying to troubleshoot our VPN issues for the last few weeks.
We had a vendor perform a vanilla install of the following setup for our network:
- Cisco 2800 Perimeter Router
- Cisco ASA
- a clustered set of Cisco 3500 switches that were already in place, no virtual networks, no ACLs.
- Win2K3 domain
- Exchange 2K3
We went with the SSL VPN and hardware token for our initial VPN setup. There are no rules set up on the VPN; end users have full access to the network (we plan to lock it down once we get things running smoothly).
When an end user connects through the VPN, the SSL VPN client installs and appears to be functioning correctly. However, some services are not available through the network, or sometimes work, sometimes do not.
For instance, I can access Windows shares (though it takes a long time) and remote desktop into our servers. We also have an Enterprise application that uses SQL Server and functions correctly.
However, some applications do not work. Our Outlook clients do not see the Exchange server and some of our Enterprise applications that use SQL Server either do not work or take up to 5 minutes to open.
All of our systems work perfectly inside the perimeter network.
We have been left in the lurch by our vendor who installed our systems then bailed out when we asked them to help troubleshoot.
On our own, we found that if the Cisco IPsec client is installed, the SSL VPN works perfectly! All services are available and are very fast! This is the case even though the IPsec client isn't running; in fact, it's not even configured to run properly on the ASA.
We don't want to have to install the IPsec client on all our mobile systems, so that is not an ideal solution.
Anyone with ideas about what might be at the root of our SSL VPN problems?