Solved: Remote Access VPN dead end

andrew-susag · ‎11-09-2007

Hi all. I have a 5510 that I'm using for both a l2l ipsec tunnel as well as remote access. I've been staring at this thing so long I'm loopy.

My l2l tunnel is up and happy. The hosts can talk to each other.

My RA is happy as far as I can log in with a vpn client. Unfortunately, I am unable to access anything besides the ASA itself when I'm connected. I can't ping the host on the inside.

I need to be able to access the host 10.0.5.10/26 on the inside interface which is 10.0.5.1/26. I've attached the config.

Can anyone see any glaring problems? I think its likely an ACL problem, I'm a little new at this stuff though and I'm not sure if I'm doing it right.

One thing I noticed is that when I check my ipconfig after connecting to the vpn. I get this...

IP Address: 10.0.5.20

Subnet Mask: 255.255.255.192

Default Gateway: 10.0.5.20

That seems like an odd gateway...

Thank You!

acomiskey · ‎11-09-2007

Add..

isakmp nat-traversal

Also, change your vpn client pool to another subnet. It should not be on the same subnet as your inside.

ip local pool gsa 10.0.6.0-10.0.6.254 mask 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.0.5.0 255.255.255.192 10.0.6.0 255.255.255.0

Please rate helpfulp posts.

View solution in original post

acomiskey · ‎11-09-2007

Add..

isakmp nat-traversal

Also, change your vpn client pool to another subnet. It should not be on the same subnet as your inside.

ip local pool gsa 10.0.6.0-10.0.6.254 mask 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.0.5.0 255.255.255.192 10.0.6.0 255.255.255.0

Please rate helpfulp posts.

andrew-susag · ‎11-09-2007

Thanks for the reply. I added that command but it doesn't appear to have made a difference.

acomiskey · ‎11-09-2007

I edited my post above.

andrew-susag · ‎11-09-2007

Good deal, thanks for the help! I've been burned by the subnet rule before. I should've known.