ASA 5505 VPN NEM

Unanswered Question
Jun 26th, 2007

Hi! First of all, I apologize for posting a similar question in another forum. I think this one is the right place.


I'm trying to connect to a PIX 501 with Easy VPN in NEM mode with an ASA 5505. Currently running 7.2.2-22 (had to download an interim release due to DHCP problems with the ISP in 7.2.2) and ASDM 5.2.


The problem is that when using NEM mode I cannot ping the other side at all. When using client mode this works fine, but I need the two-way traffic.


Our Head unit is 192.168.1.1 and the connecting ASA 5505 is 192.168.10.1. When I try to ping a machine (192.168.1.201) from the remote site I get this in the ASA log:


With network extension mode


302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr 192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512


With only client mode


302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr 192.168.1.201/0 gaddr 192.168.1.9/1 laddr 192.168.10.2/512


It seems to me that the ASA sets an incorrect gateway address in NEM mode?


The PIX 501 has been working fine for some years with software clients connecting.


Any ideas?


Thanks!

pradeepde Mon, 07/02/2007 - 06:15

When configured in Easy VPN Network Extension Mode, the ASA 5505 does not hide the IP addresses of local hosts by substituting a public IP address. Therefore, hosts on the other side of the VPN connection can communicate directly with hosts on the local network.


Try this link:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/site2sit.html
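
An added example, not part of the original thread and not Cisco code: a Python parser for the two 302020 lines quoted in the question. It shows that the global address (gaddr) equals the local address (laddr) in network extension mode and differs in client mode, which matches the behaviour described in the reply above. The function name and the /24 mask on the 192.168.10.x inside network are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Body of the 302020 "Built ICMP connection" message as quoted in the post.
PATTERN = re.compile(
    r"Built ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/(?P<fid>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gid>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lid>\d+)"
)

# The two log lines copied from the question.
NEM_LINE = ("302020 192.168.1.201 192.168.10.2 Built ICMP connection for "
            "faddr 192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512")
CLIENT_LINE = ("302020 192.168.1.201 192.168.10.2 Built ICMP connection for "
               "faddr 192.168.1.201/0 gaddr 192.168.1.9/1 laddr 192.168.10.2/512")

def classify(line, inside_net="192.168.10.0/24"):  # mask is an assumption
    """Parse one 302020 line and report whether the inside host was translated."""
    m = PATTERN.search(line)
    if m is None:
        return None  # not a 302020 ICMP build message
    gaddr = ip_address(m["gaddr"])
    laddr = ip_address(m["laddr"])
    translated = gaddr != laddr
    return {
        "faddr": m["faddr"],
        "gaddr": str(gaddr),
        "laddr": str(laddr),
        # laddr is the real inside host; gaddr is what the far side sees.
        "local_is_inside": laddr in ip_network(inside_net),
        "translated": translated,
        "hint": ("inside host hidden behind another address (client mode)"
                 if translated else
                 "inside address exposed unchanged (network extension mode)"),
    }

if __name__ == "__main__":
    for label, line in (("NEM", NEM_LINE), ("client", CLIENT_LINE)):
        r = classify(line)
        print(f"{label:6} laddr={r['laddr']} gaddr={r['gaddr']} -> {r['hint']}")
```
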



kumlait2004 Mon, 07/02/2007 - 10:02

OK, thanks. But I don't want to use Site 2 Site. NEM is what I want to use and it's currently not working when configuring as the 7.2.2 manual describes.
