remote access VPN ASA 5505

Unanswered Question
Feb 5th, 2008

Hi,

I have configured remote access VPN on my Cisco ASA 5505, SW Version 7.2(2). It's working fine: I get an IP address from vpn_pool and can connect to internal hosts and use services there. But if I connect to external resources (e.g. internet->website), no connection is set up.

First, ASDM Log shows the error message:

13:11:54 302014 192.168.1.150 209.85.135.104 Teardown TCP connection 147256 for outside:192.168.1.150/2122 to outside:209.85.135.104/80 duration 0:00:00 bytes 0 Flow is a loopback (vpn_user)

After entering "same-security-traffic permit inter-interface" and "same-security-traffic permit intra-interface", the ASDM Log now shows the error message:

13:13:17 302013 192.168.1.150 209.85.135.103 Built inbound TCP connection 147281 for outside:192.168.1.150/2127 (192.168.1.150/2127) to outside:209.85.135.103/80 (209.85.135.103/80) (vpn_user)

13:13:47 302014 192.168.1.150 209.85.135.103 Teardown TCP connection 147281 for outside:192.168.1.150/2127 to outside:209.85.135.103/80 duration 0:00:30 bytes 0 SYN Timeout (vpn_user)

Any ideas how to solve this problem and how to connect to external resources using remote access VPN (without split tunneling)?

Thanks.

Regards,

M.Braun

--

attached ASA Config
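
A small triage script for the two ASDM log patterns quoted in the question, added here as an illustration and not part of the original thread: it pairs Built (302013) and Teardown (302014) entries by connection id and reports flows that enter and leave on the same interface without moving any data. The first three sample lines are copied from the post, the fourth is constructed, and the function and field names are this example's own.

```python
import re

# ASDM log columns: time, syslog id, source IP, destination IP, message text.
BUILT = re.compile(r"^\S+ 302013 \S+ \S+ Built (?:in|out)bound TCP connection (?P<conn>\d+) ")
TEARDOWN = re.compile(
    r"^\S+ 302014 \S+ \S+ Teardown TCP connection (?P<conn>\d+) "
    r"for (?P<if_a>[^:\s]+):(?P<a>\S+) to (?P<if_b>[^:\s]+):(?P<b>\S+) "
    r"duration \S+ bytes (?P<bytes>\d+) (?P<reason>.*?)(?: \((?P<user>[^)]*)\))?$"
)

# Lines 1-3 are copied from the post; line 4 is constructed (an ordinary flow).
SAMPLE = [
    "13:11:54 302014 192.168.1.150 209.85.135.104 Teardown TCP connection 147256 for outside:192.168.1.150/2122 to outside:209.85.135.104/80 duration 0:00:00 bytes 0 Flow is a loopback (vpn_user)",
    "13:13:17 302013 192.168.1.150 209.85.135.103 Built inbound TCP connection 147281 for outside:192.168.1.150/2127 (192.168.1.150/2127) to outside:209.85.135.103/80 (209.85.135.103/80) (vpn_user)",
    "13:13:47 302014 192.168.1.150 209.85.135.103 Teardown TCP connection 147281 for outside:192.168.1.150/2127 to outside:209.85.135.103/80 duration 0:00:30 bytes 0 SYN Timeout (vpn_user)",
    "13:20:01 302014 192.168.1.20 209.85.135.104 Teardown TCP connection 147300 for outside:209.85.135.104/80 to inside:192.168.1.20/3310 duration 0:00:05 bytes 4096 TCP FINs",
]

def triage(lines):
    """Return one finding per same-interface (hairpinned) TCP flow that carried 0 bytes."""
    built, findings = set(), []
    for line in lines:
        line = line.strip()
        m = BUILT.match(line)
        if m:
            built.add(m["conn"])  # remember that the ASA created this connection
            continue
        m = TEARDOWN.match(line)
        # Skip anything that is not a teardown, not hairpinned, or that moved data.
        if not m or m["if_a"] != m["if_b"] or int(m["bytes"]) != 0:
            continue
        findings.append({
            "conn": m["conn"],
            "interface": m["if_a"],
            "client": m["a"],
            "server": m["b"],
            "reason": m["reason"],
            "user": m["user"],
            # False: torn down without ever being built. True: built, then it died.
            "was_built": m["conn"] in built,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the post's lines, `was_built` is False for the "Flow is a loopback" teardown and True for the "SYN Timeout" one, which separates a flow the ASA never created from one it created but that never completed the handshake.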

mbraun_saxeed Thu, 02/07/2008 - 02:12

Thank you for the link. I will try it. I hope you will find the error in my config.

Thanks in advance, Braun.

husycisco Thu, 02/07/2008 - 16:01

Hi Markus

Make the following modification in your config:

access-list split_t permit ip 192.168.1.0 255.255.255.0 192.168.1.128 255.255.255.192
group-policy vpn_1 attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_t

Keep in mind that using a VPN pool subnet which is covered by your inside interface is a handicap for possible further configurations.

Regards
