Hosts on corporate network unable to connect to VPN client

Unanswered Question
May 15th, 2008

I've got an ASA 5505 set up as an IPSec-VPN server. The VPN client is able to connect okay and can initiate TCP sessions with hosts on the corporate network. But those hosts cannot initiate TCP sessions with the client; the ASA rejects their packets instead of sending them through the encrypted tunnel.

This sounds like a firewall configuration problem. But the ASA is not set up to firewall VPN connections at all, as far as I can tell.

Can anyone explain what's wrong or where I should look?

AlanStern79 Mon, 05/19/2008 - 08:25

Thanks for the feedback.

The client is a Mac running OS-X. Firewalling is turned off; there's no trouble connecting to the client when it is plugged directly into the corporate network.

The "no-nat" rules on the 5505 look like this:

access-list inside_nat0_outbound extended permit ip any 10.170.30.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

Here 10.170.30.0/24 is the IP pool dedicated to the VPN. There are no other NAT-related lines in the 5505's configuration.
