remote access VPN ASA 5505

mbraun_saxeed
Level 1

Hi,

I have configured remote access VPN on my Cisco ASA 5505, SW Version 7.2(2). It's working fine: I get an IP address from vpn_pool, can connect to internal hosts and use services there. But if I connect to external resources (e.g. internet->website), no connection is set up.

First, ASDM Log shows the error message:

13:11:54 302014 192.168.1.150 209.85.135.104 Teardown TCP connection 147256 for outside:192.168.1.150/2122 to outside:209.85.135.104/80 duration 0:00:00 bytes 0 Flow is a loopback (vpn_user)

After entering "same-security-traffic permit inter-interface" and "same-security-traffic permit intra-interface",

ASDM Log now shows the error message:

13:13:17 302013 192.168.1.150 209.85.135.103 Built inbound TCP connection 147281 for outside:192.168.1.150/2127 (192.168.1.150/2127) to outside:209.85.135.103/80 (209.85.135.103/80) (vpn_user)

13:13:47 302014 192.168.1.150 209.85.135.103 Teardown TCP connection 147281 for outside:192.168.1.150/2127 to outside:209.85.135.103/80 duration 0:00:30 bytes 0 SYN Timeout (vpn_user)

Any ideas how to solve this problem and how to connect to external resources using remote access VPN (without split tunneling)?

Thanks.

Regards,

M.Braun

--

attached ASA Config
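To make the two teardown messages above machine-checkable, here is an added Python script (not from the original post or from Cisco) that parses ASA 302014 syslog lines and labels the two failure modes seen here. The message layout is taken from the lines quoted above; the labels "hairpin-denied" and "hairpin-no-reply" are my own names, not ASA terminology.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the three ASDM lines from the post, in ASA 302013/302014 syslog shape.
SAMPLE_LOG = """\
13:11:54 302014 192.168.1.150 209.85.135.104 Teardown TCP connection 147256 for outside:192.168.1.150/2122 to outside:209.85.135.104/80 duration 0:00:00 bytes 0 Flow is a loopback (vpn_user)
13:13:17 302013 192.168.1.150 209.85.135.103 Built inbound TCP connection 147281 for outside:192.168.1.150/2127 (192.168.1.150/2127) to outside:209.85.135.103/80 (209.85.135.103/80) (vpn_user)
13:13:47 302014 192.168.1.150 209.85.135.103 Teardown TCP connection 147281 for outside:192.168.1.150/2127 to outside:209.85.135.103/80 duration 0:00:30 bytes 0 SYN Timeout (vpn_user)
"""

# Matches the 302014 teardown message; the trailing "(user)" tag is optional.
TEARDOWN_RE = re.compile(
    r"^(?P<time>\S+) 302014 \S+ \S+ Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) duration (?P<dur>[\d:]+) "
    r"bytes (?P<nbytes>\d+) (?P<reason>.+?)(?: \((?P<user>[^)]+)\))?$"
)

@dataclass
class Teardown:
    conn: int
    src_if: str
    dst_if: str
    src: str
    dst: str
    nbytes: int
    reason: str
    user: Optional[str]

def parse_teardowns(log: str) -> List[Teardown]:
    # One Teardown per 302014 line; other message IDs (e.g. 302013) are skipped.
    out = []
    for line in log.splitlines():
        m = TEARDOWN_RE.match(line)
        if m:
            out.append(Teardown(int(m["conn"]), m["src_if"], m["dst_if"], m["src"],
                                m["dst"], int(m["nbytes"]), m["reason"], m["user"]))
    return out

def diagnose(t: Teardown) -> str:
    # Classify a flow that entered and left on the same interface (a hairpin), using only message fields.
    hairpin = t.src_if == t.dst_if
    if hairpin and t.reason == "Flow is a loopback":
        return "hairpin-denied"    # dropped immediately: intra-interface traffic is not permitted
    if hairpin and t.reason == "SYN Timeout" and t.nbytes == 0:
        # SYN was forwarded but no SYN-ACK ever came back; an untranslated RFC1918
        # source such as 192.168.1.150 cannot receive a reply from an Internet host.
        return "hairpin-no-reply"
    return "other"
```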

3 Replies

attrgautam
Level 5

Here is a sample configuration of split tunneling:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

And yes, it is a good way of allowing Internet and VPN on the same end host. However, I am still trying to see why your configuration is not working....

Thank you for the link. I will try it. I hope you will find the error in my config.

Thanks in advance, Braun.

Hi Markus

Make the following modification in your config:

access-list split_t permit ip 192.168.1.0 255.255.255.0 192.168.1.128 255.255.255.192
group-policy vpn_1 attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_t

Keep in mind that using a VPN pool subnet which is covered by your inside interface is a handicap for possible further configurations.

Regards