I think that I have a "forest and tree" issue here.
I have an ASA 5510, IOS 7.0(5), running ASDM 5.0. I have successfully configured a VPN tunnel using a Windows 2003 Server IAS for authorisation for login.
That works successfully, but I can't pass any traffic down the tunnel once it is nailed up. I'm sure that it is a basic NAT or ACL that I am missing. The only traffic that I want on the VPN is TCP port 3389 so clients (using the Cisco VPN Client 4.8.X) can connect to our 2003 Terminal Server.
I have configured a VPN pool address range of 172.16.0.1 - 172.16.0.51/24. My test client picks up the IP address OK, but then uses the same IP as its gateway. Not sure if that is the problem, as I would have thought that the client would use the VPN interface address as a gateway... Either way, once the tunnel is established, I cannot ping or establish a connection to our TS server.
Below are the route and NAT rules that are currently in place. Keep in mind that we have 2 DSL lines incoming, one for normal net traffic (yet to go live) and one for VPN traffic. The device is called Gatling-06, and I have four interfaces on it enabled - GCC_LAN (connected to our LAN), GCC_WAN (for normal Internet traffic), GCC_VPN (for our VPN traffic) and the Management interface.
S 0.0.0.0 0.0.0.0 [1/0] via 147.109.239.XXX, Gatling_GCC_WAN
S 10.10.0.0 255.255.255.255 [1/0] via 147.109.139.XXX, Gatling_VPN
C 10.10.0.0 255.255.254.0 is directly connected, Gatling_GCC_LAN
C 147.109.239.XXX 255.255.255.240 is directly connected, Gatling_GCC_WAN
C 147.109.253.XXX 255.255.255.248 is directly connected, Gatling_VPN
NAT config, in attachment.
I'm sure that I am missing something pretty basic, but haven't been able to see exactly what it is - yet! The other thing I have noticed is that the ASA is rejecting NetBIOS traffic; I don't really want to allow client NetBIOS traffic through on the VPN.
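The two pieces a remote-access setup like the one described above usually needs once the tunnel is up, as an added illustration rather than the poster's actual config: a NAT exemption so LAN-to-pool traffic is not translated, and an interface ACL that lets only RDP through to the terminal server. It assumes ASA 7.0 CLI syntax, nameif values of GCC_LAN and GCC_VPN, a pool of 172.16.0.0/24 and a LAN of 10.10.0.0/23 (both from the post), and a placeholder terminal-server address of 10.10.0.10.

```cisco
! Added example, not the poster's running config. Placeholder: TS host 10.10.0.10.

! 1. NAT exemption ("nat 0") for LAN -> VPN-pool traffic. Without it, replies to
!    VPN clients are translated like Internet-bound traffic and never re-enter
!    the tunnel, which matches "tunnel up, no traffic".
access-list NONAT extended permit ip 10.10.0.0 255.255.254.0 172.16.0.0 255.255.255.0
nat (GCC_LAN) 0 access-list NONAT

! 2. Stop decrypted VPN traffic from bypassing the interface ACL (7.0 keyword;
!    later releases call this "permit-vpn"), then allow only TCP 3389 to the TS.
!    NetBIOS (UDP 137/138, TCP 139) and anything else from the pool is denied
!    and logged, so the client side does not need a separate NetBIOS block.
no sysopt connection permit-ipsec
access-list GCC_VPN_in extended permit tcp 172.16.0.0 255.255.255.0 host 10.10.0.10 eq 3389
access-list GCC_VPN_in extended deny ip any any log
access-group GCC_VPN_in in interface GCC_VPN

! 3. Split tunnel: only the LAN is routed into the tunnel, so the client's own
!    default gateway keeps handling its Internet traffic. The "gateway equals my
!    own address" the VPN client shows on its virtual adapter is normal for it.
access-list SPLIT standard permit 10.10.0.0 255.255.254.0
group-policy RA_TS internal
group-policy RA_TS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
```

After applying, `show xlate` should show no translation for 172.16.0.x addresses and `show access-list GCC_VPN_in` should show hit counts on the 3389 line when a client opens RDP.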