EZvpn 851 to ASA 5510 Version 8.0

May 20th, 2008

OK, I am stumped. I created the VPN connection, have it auto xauth, VPN comes up, but I can't route. What do I need to do to get routing established?

The networks I need to reach are 10.14.0.0/24, .1.0, .2.0, and .3.0 /24 which are behind the ASA, the remotes will be 10.14.5.0, 16, 32, and 48 /28.

I followed http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

and get NEM_Remote_Subnets=10.14.5.0/255.255.255.240 10.14 on the 851, but can't ping across from a machine behind the 851 to a server behind the ASA.

tahequivoice Thu, 05/22/2008 - 11:14

I found the problem: the document I linked to has an error.

access-list Split_Tunnel_List standard permit 192.168.10.0 255.255.255.0

This is supposed to push what traffic to encrypt to the client, but it is the client's network that is listed. Once I discovered that I had the wrong network being sent to the client, the split tunnel started working. The correct ACL should be

access-list Split_Tunnel_List standard permit 10.10.10.0 255.255.255.0

which is the network of the ASA.

Once I got split tunneling working, it was a matter of getting the no nat working since there are more than 3 remote 800 routers using Ezvpn to connect to this ASA along with Cisco VPN clients.
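
Added example, not part of the original post and not Cisco's code: a small Python check for the mistake described above, a split-tunnel ACL that lists the client-side network instead of the network behind the ASA. The function names and the sample inputs are assumptions, built from the addresses quoted in the post.

```python
import ipaddress

def parse_standard_acl(config, acl_name):
    """Networks permitted by 'access-list <name> standard permit ...' lines."""
    nets = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["access-list", acl_name, "standard", "permit"]:
            continue
        if len(tok) == 6 and tok[4] == "host":      # permit host <ip>
            nets.append(ipaddress.ip_network(tok[5] + "/32"))
        elif len(tok) == 6:                         # permit <net> <mask>
            nets.append(ipaddress.ip_network(tok[4] + "/" + tok[5]))
    return nets

def audit_split_tunnel(config, acl_name, protected, remote):
    """Return (findings, uncovered).

    findings:  ACL entries that should not be pushed to clients.
    uncovered: head-end networks that no ACL entry covers, so clients
               would never send that traffic into the tunnel.
    """
    protected = [ipaddress.ip_network(n) for n in protected]
    remote = [ipaddress.ip_network(n) for n in remote]
    entries = parse_standard_acl(config, acl_name)
    findings = []
    for e in entries:
        if any(e.overlaps(r) for r in remote):
            findings.append((str(e), "client-side network"))
        elif not any(e.subnet_of(p) or p.subnet_of(e) for p in protected):
            findings.append((str(e), "not a head-end network"))
    uncovered = [str(p) for p in protected
                 if not any(p.subnet_of(e) for e in entries)]
    return findings, uncovered

# Constructed sample inputs using the addresses quoted in the post.
BROKEN = "access-list Split_Tunnel_List standard permit 192.168.10.0 255.255.255.0"
FIXED = "access-list Split_Tunnel_List standard permit 10.10.10.0 255.255.255.0"
PROTECTED = ["10.10.10.0/24"]    # network behind the ASA
REMOTE = ["192.168.10.0/24"]     # network behind the EzVPN client

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_split_tunnel(cfg, "Split_Tunnel_List", PROTECTED, REMOTE))
```

With several remote sites, pass every remote /28 in `remote` so an entry that overlaps any of them is flagged.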
