12-12-2007 06:47 AM - edited 02-21-2020 01:49 AM
Hi there,
I have got an ASA 5510 with IOS 7.0.7.
The ASA has two external connections:
- External VLAN 5
- External VLAN 225 (default route points to the next router)
Now I try to connect with an SSL-VPN to the IP bound on VLAN 5. This does not work. If I configure the VPN on VLAN 225 and connect to it, it works fine.
I think it's a routing-problem on the ASA.
Right?
Is there something like "source-routing"?
Thanks for the help.
Marc
12-19-2007 09:06 AM
If you have any trunk ports from the switch to the ASA, make sure VLAN 5 is allowed on that port and ensure that there is a layer 3 device with an IP address configured in this VLAN. Refer to this URL for configuring the switch: http://cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/ifcs5505.html#wp1051654
12-22-2007 08:35 AM
Hi,
There is no problem with the VLAN. The outside ASA interface and the connected switch port are configured as a trunk. The switch ports to the routers are configured in the matching VLANs.
Ping from the ASA to the routers works fine.
It seems to be a routing problem. The incoming data traffic on VLAN5 leaves the ASA on VLAN225 (default route).
Any ideas to solve the problem?
Regards Marc
01-15-2008 05:51 AM
Please post your configuration and we'll be able to help further.
--Jason
02-21-2008 06:31 AM
Hi,
Here is the configuration.
Hope all necessary information is included.
interface Ethernet0/0.5
 description VLAN zum Router
 vlan 5
 nameif outside.5
 security-level 0
 ip address x.x.x.5 255.255.255.248
!
interface Ethernet0/0.225
 description VLAN zum Default-Router
 vlan 225
 nameif outside.225
 security-level 0
 ip address x.x.x.225 255.255.255.248
!
ip local pool vpn-pool 10.1.1.1-10.1.1.255 mask 255.255.255.0
!
access-list NONAT extended permit ip 172.16.0.0 255.255.255.0 10.1.1.0 255.255.255.0
!
nat (inside) 0 access-list NONAT
!
route outside.225 0.0.0.0 0.0.0.0 x.x.x.230 1
!
crypto isakmp enable outside.225
!
group-policy Webvpn-Policy internal
group-policy Webvpn-Policy attributes
 wins-server value 172.16.0.100
 dns-server value 172.16.0.100
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 default-domain value local
 webvpn
  svc required
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc dpd-interval client 500
  svc dpd-interval gateway 500