ASA 5505 VPN over cellular modem doesn't work

Unanswered Question

I just posted a question yesterday that was answered quickly. Thanks.

I have the VPN up and running now except for one problem. Users trying to connect over cellular modems (Dell Mobile Wireless on AT&T) get connected but then cannot get anywhere, either external or internal.

I have verified this with myself and another user. If I use the cellular card I get connected then I can't access anything (no ping, no http, no telnet). If I disconnect and connect either over a wired or wi-fi lan connection it works...I can access internal services on the remote lan.

Another thing is I can access a VPN 3005 Concentrator over the cellular modem and it works fine.

This situation seems pretty strange. Can anyone help or shed some light?

config posted.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nomair_83 Sun, 06/22/2008 - 22:21

As per your last post u still cant access the internal lan..

"here's what I have now. I can still connect via the cisco client, I just can't do anything after it authenticates and connects. "

So now problem is only with cell right..wi-fi or lan works fine...?

I'll suggest you to try split tunnel ACL(same like nonat with different name) and call that acl in group-policy with tunnelspecified,see if it works or not...

Regards,

Farrukh Haroon Sun, 06/22/2008 - 22:28

Did you really put this command as stated in your last post? I don't see it in your oonfig. Please try to put it now:

crypto isakmp nat-traversal 10

Regards

Farrukh

I added crypto isakmp nat-traversal 10 to the config. Still doesn't work. I'm leaning more towards this being an issue with the drivers from Dell as I have been able to connect and have the VPN function as it should from a wired or wi-fi connection.

The only thing that goes against that is I can connect to 2 different 3005 concentrators over the cellular modem and it works fine.

I notice when I connect to the ASA if I do an IPCONFIG/ALL I have default gateways on both the cellular (PPP) connection and the Virtual adapter connection. Shouldn't I only have one gateway which would be the one associated with the Cisco Virtual Adapter (the gateway is my ip address, as it should be).

Actions

This Discussion