EZvpn 851 to ASA 5510 Version 8.0

May 20th, 2008
OK, I am stumped. I created the VPN connection, have it auto xauth, VPN comes up, but I can't route. What do I need to do to get routing established?

The networks I need to reach are .1.0, .2.0, and .3.0 /24, which are behind the ASA; the remotes will be 16, 32, and 48 /28.

I followed http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

and get NEM_Remote_Subnets= 10.14 on the 851, but can't ping across from a machine behind the 851 to a server behind the ASA.

tahequivoice Thu, 05/22/2008 - 11:14
I found the problem, the document I linked to has an error.

access-list Split_Tunnel_List standard permit

This is supposed to push what traffic to encrypt to the client, but it is the client's network that is listed. Once I discovered that I had the wrong network being sent to the client, the split tunnel started working. The correct ACL should be

access-list Split_Tunnel_List standard permit which is the network of the ASA.

Once I got split tunneling working, it was a matter of getting the no nat working since there are more than 3 remote 800 routers using Ezvpn to connect to this ASA along with Cisco VPN clients.
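The split-tunnel mistake described in this thread can be caught with a small config audit. The following is an added example, not part of the original posts or the Cisco document; the addresses are constructed placeholders (the thread omits the real prefixes) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed placeholder addressing; the thread does not give the real prefixes.
HEADEND_NETS = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]       # behind the ASA
REMOTE_NETS = ["10.0.14.16/28", "10.0.14.32/28", "10.0.14.48/28"]  # behind the 851s

# Constructed "before": the ACL lists a remote (client-side) network.
BROKEN = "access-list Split_Tunnel_List standard permit 10.0.14.16 255.255.255.240\n"
# Constructed "after": the ACL lists the networks behind the ASA.
FIXED = (
    "access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0\n"
    "access-list Split_Tunnel_List standard permit 10.0.2.0 255.255.255.0\n"
    "access-list Split_Tunnel_List standard permit 10.0.3.0 255.255.255.0\n"
)

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+standard\s+permit\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)$"
)

def split_tunnel_nets(config, acl_name):
    """Return the networks permitted by the named standard ACL."""
    nets = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
    return nets

def audit(config, acl_name, headend, remote):
    """Flag ACL entries that name client networks and head-end networks left out."""
    acl = split_tunnel_nets(config, acl_name)
    findings = []
    for net in acl:
        for r in map(ipaddress.ip_network, remote):
            if net.overlaps(r):
                findings.append(f"{net} overlaps remote client network {r}")
    for h in map(ipaddress.ip_network, headend):
        if not any(h.subnet_of(net) for net in acl):
            findings.append(f"{h} behind the ASA is not in the split-tunnel list")
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(cfg, "Split_Tunnel_List", HEADEND_NETS, REMOTE_NETS))
```
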

