Accessing lan with ASA VPN

Jan 30th, 2008

When I connect, the client says LAN access is disabled and the check box in the client is checked, but I am not able to ping any server in the LAN. Below is the ASA configuration.

ASA Version 7.0(6)
!
hostname HCASA
domain-name default.domain.invalid
enable password xxx
names
name 172.19.134.34 i_ibrahim
name 172.19.134.35 i_wael
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 83.x.x.178 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.19.134.22 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 no ip address
 management-only
!
passwd xxx
ftp mode passive
dns domain-lookup outside
dns name-server 213.42.20.20
access-list acl_out extended permit icmp any any
access-list Local_LAN_Access remark VPN Client Local LAN Access
access-list Local_LAN_Access standard permit host 0.0.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnpool 172.19.134.61-172.19.134.70 mask 255.255.255.0
no failover
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 172.19.134.0 255.255.255.0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 83.111.191.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy afhcvpn internal
group-policy afhcvpn attributes
 dns-server value 172.19.134.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Local_LAN_Access
 default-domain value test.com
 webvpn
username username password password encrypted privilege 15
username username password password encrypted
http server enable
http i_wael 255.255.255.255 inside
http 172.19.134.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set esp-3des-sha
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp nat-traversal 20
tunnel-group afhcvpn type ipsec-ra
tunnel-group afhcvpn general-attributes
 address-pool vpnpool
tunnel-group afhcvpn ipsec-attributes
 pre-shared-key *
telnet i_wael 255.255.255.255 inside
telnet i_ibrahim 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:xxx
HCASA#

acomiskey Fri, 02/01/2008 - 11:26

It doesn't appear that you assigned the group policy to the tunnel group.

tunnel-group afhcvpn general-attributes
 default-group-policy afhcvpn
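
An added example, not part of the original thread and not Cisco tooling: a small Python audit that finds the gap described in the reply above, a tunnel group whose general-attributes never bind a group policy, so the split-tunnel settings defined under that policy are not applied. The function name `audit_tunnel_groups` and the sample text (constructed from lines in the question) are assumptions; the check relies on the ASA falling back to its built-in `DfltGrpPolicy` when no `default-group-policy` is set.

```python
import re

# Constructed sample: the relevant lines from the configuration in the question.
SAMPLE_CONFIG = """\
group-policy afhcvpn internal
group-policy afhcvpn attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Local_LAN_Access
tunnel-group afhcvpn type ipsec-ra
tunnel-group afhcvpn general-attributes
 address-pool vpnpool
tunnel-group afhcvpn ipsec-attributes
 pre-shared-key *
"""

def audit_tunnel_groups(config_text):
    """Return {tunnel_group: finding} where the policy binding is missing or dangling."""
    defined = set()   # names from 'group-policy NAME internal|external'
    groups = {}       # tunnel-group name -> bound policy name, or None
    current = None    # tunnel-group whose general-attributes we are inside
    for raw in config_text.splitlines():
        line = raw.strip()  # tolerate pastes that lost their indentation
        if not line or line == "!":
            continue
        m = re.match(r"group-policy (\S+) (internal|external)\b", line)
        if m:
            defined.add(m.group(1))
        m = re.match(r"tunnel-group (\S+) (\S+)", line)
        if m:
            name, mode = m.groups()
            groups.setdefault(name, None)
            current = name if mode == "general-attributes" else None
            continue
        m = re.match(r"default-group-policy (\S+)", line)
        if m and current:
            groups[current] = m.group(1)
    findings = {}
    for name, policy in groups.items():
        if policy is None:
            findings[name] = "no default-group-policy (falls back to DfltGrpPolicy)"
        elif policy not in defined and policy != "DfltGrpPolicy":
            findings[name] = f"default-group-policy {policy} is not defined"
    return findings

if __name__ == "__main__":
    for name, finding in audit_tunnel_groups(SAMPLE_CONFIG).items():
        print(f"tunnel-group {name}: {finding}")
```

Run against the configuration as posted, it reports `afhcvpn`; with the `default-group-policy afhcvpn` line from the reply added, it reports nothing.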
