ASA 5510 VPN Access I can't get to the Unix server

Unanswered Question
Apr 2nd, 2007

I have a Unix server on my internal network and when I VPN in to my office I can't connect to it. The Unix server has an IP address that's in the range of all my Windows 2003 servers but I can't ping it or connect to it. If I'm sitting in my office everything works fine so I must be missing something. I've tried putting a record for it on my internal DNS server that the VPN points to but no luck. It's an old SCO Unix server that I know nothing about so any help would be greatly appreciated. Thanks.

mfreijser Tue, 04/03/2007 - 01:38

Can you connect to any other device in your network, except for the Unix server?

If so, does the Unix server have a route (default-route perhaps?) to the ASA for the VPN network? Else the Unix server can't find the VPN Clients!

If you cannot access anything on your internal network, then you need to check your nat configuration.

If the route isn't the problem, could you post your configuration (cut out the passwords and public IP addresses!) so I can take a look at it :)

Please rate if the post helps!

Regards,

Michael

a.grussner Tue, 04/03/2007 - 04:37

Yes, I can connect to everything else on the network except the Unix server. I have servers with 192.168.0.9, 192.168.0.11 and I can get to them with no problem. The Unix server is 192.168.0.10 and I get no response trying to access it or even ping when I'm on the VPN. I can get to it fine when I'm in the office and it worked fine when we had an old Microsoft VPN setup on an old server in the office. I didn't see anywhere in the Unix GUI where I can put the gateway address but it does have a spot where it says Broadcast address and that is set as 192.168.0.255. The only thing I saw about a gateway was a selection that says gateway yes or no and that was it and it was set as no.

mfreijser Tue, 04/03/2007 - 05:11

It is really important that you figure out if the Unix server has a route to the ASA for the VPN Client subnet.

Usually Windows VPN is configured with an address from the same subnet as the internal network; Cisco VPN client pools are preferably configured with a different subnet. That's why the previous Windows solution worked, and the Cisco solution doesn't.

I hope you can find a way to display the routes on your Linux server, or that you can find somebody who can help you find it :)

Regards,

Michael

a.grussner Tue, 04/03/2007 - 05:46

My VPN clients get an IP address of 192.168.3.0 with a subnet of 255.255.255.0. So you think this is a route on the Unix server that needs to be added for my VPN clients? The gateway IP which is my only ASA is 192.168.0.1 for my internal users to gain Internet access.

mfreijser Tue, 04/03/2007 - 05:50

You don't have to add a route to the VPN Clients if the Unix server has the ASA as default gateway. :)

a.grussner Tue, 04/03/2007 - 05:55

Since I'm not a Unix guy and there's no one left at my company that knows how to work on the Unix server, which hopefully will be gone in a few months, how hard would it be to add a route to the ASA for my VPN users?

mfreijser Tue, 04/03/2007 - 06:01

Probably not too hard, there is a lot of information hanging around on the internet. You could try to search on Google for configuration instructions for your type of Linux.

a.grussner Tue, 04/03/2007 - 06:41

So you don't have anything documented on how to add the route on the ASA 5510? I'd really like to not have to mess with the SCO Unix server settings.

mfreijser Tue, 04/03/2007 - 06:47

I definitely know how to add a route on an ASA, but the ASA isn't the problem!

The Unix server has to learn the route to find the VPN Clients; the ASA already knows where to find the VPN Clients.

What I don't know is if the ASA is the default gateway of the Unix server. If this is the case, then you don't have to change the configuration of the Unix server!
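The return-path check discussed in this thread, as an added example that is not part of any post above: it does a longest-prefix lookup over a host's routing table to see where a reply to a VPN client would be sent. The routing tables are constructed (the thread never shows the server's real table), and 192.168.0.200 and 192.168.0.254 are made-up addresses; the other addresses are the ones quoted in the posts.

```python
import ipaddress

def lookup(routes, dest_ip):
    """Longest-prefix match over (prefix, next_hop) pairs.
    next_hop None means the prefix is directly connected (on-link)."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def return_path(routes, client_ip, asa_ip):
    """Classify where the server would send its reply to client_ip."""
    match = lookup(routes, client_ip)
    if match is None:
        return "no-route"            # reply is dropped: ping from the VPN times out
    _, hop = match
    if hop is None:
        return "on-link"             # server ARPs for the client on its own LAN
    if ipaddress.ip_address(hop) == ipaddress.ip_address(asa_ip):
        return "via-asa"             # reply goes back into the tunnel
    return "via-other-gateway"       # reply leaves through a device that has no tunnel

ASA = "192.168.0.1"                  # inside address of the ASA, from the thread
VPN_CLIENT = "192.168.3.1"           # first host in the 192.168.3.0/24 pool

# Constructed tables for the server at 192.168.0.10.
CONNECTED_ONLY = [("192.168.0.0/24", None)]                    # "gateway: no"
WITH_DEFAULT = CONNECTED_ONLY + [("0.0.0.0/0", ASA)]           # ASA as default gateway
WITH_STATIC = CONNECTED_ONLY + [("192.168.3.0/24", ASA)]       # static route for the pool only
OTHER_DEFAULT = CONNECTED_ONLY + [("0.0.0.0/0", "192.168.0.254")]  # constructed gateway

if __name__ == "__main__":
    for name, table in [("connected only", CONNECTED_ONLY),
                        ("default via ASA", WITH_DEFAULT),
                        ("static pool route", WITH_STATIC),
                        ("default via other gw", OTHER_DEFAULT)]:
        print(f"{name:22} -> {return_path(table, VPN_CLIENT, ASA)}")
    # Old setup described in the thread: clients addressed inside the LAN subnet.
    print(f"{'LAN-addressed client':22} -> "
          f"{return_path(CONNECTED_ONLY, '192.168.0.200', ASA)}")
```

A "no-route" or "via-other-gateway" result matches the symptom in the first post: other servers answer over the VPN while this one does not, even though it works from inside the office.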
