VPN Configuration on ASA 5505 - Please Help

Unanswered Question
Jul 5th, 2007

I'm stuck and really having a tough time figuring out the VPN configuration.

One of my friends was trying to help but he couldn't figure it out.

Details: He has the Cisco VPN Client and can connect to the ASA5505, I have the Windows Client (XP Home) and couldn't even connect (will try again tonight). When he connects, he said that he couldn't see any of our internal machines (Ping, etc). I have made a couple of changes today, and hope to try connecting again tonight.

The setup is just basic VPN, and the connecting machine should be able to access the entire internal office network.

I attached the latest configuration.

(Note: IP's have been changed and are bogus - to provide some mystery.)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
acomiskey Thu, 07/05/2007 - 10:50

1. Add "crypto isakmp nat-traversal"

2. Change your vpn client pool to it's own subnet. It should never be the same as a subnet on your inside network.

3. Change your nat exemption acl to reflect the new vpn client subnet.

access-list inside_nat0_outbound extended permit ip 192.168.x.0

rickpmonson Thu, 07/05/2007 - 11:17

First Thanks for taking a look.

I did the requested changes, but I had to remove the VPNPool from the Assigned Pools on the General Client Parameters to edit the pool. Should I move it back into the Assigned Pools?

Also I have included a new Running configuration (just so you can see the changes I made).

If it all looks ok, I will try tonight and be sure to return and follow-up on this discussion (about 5 hours from now).

acomiskey Thu, 07/05/2007 - 11:23

Yes, you would have to remote the pool from the tunnel-group attributes, change the pool, then add the pool back to the group...

tunnel-group SuperParasite general-attributes

address-pool VPNPool

Also, you can execute this statement as it is no longer needed...

no access-list inside_nat0_outbound extended permit ip

rickpmonson Thu, 07/05/2007 - 11:37


I have made the changes and flashed them. It looks great (even if I don't understand it all). Can't wait to try it out.

Either way, I will come back at let you know.

Thanks again


This Discussion