Easy VPN issue

Unanswered Question
Jun 24th, 2008

Hi,

I'm facing an issue while doing easy VPN with network extension mode.


I have a setup


192.100.100.0/24 ---inside (ASA5510 Central ) outside 80.2XX.1XX.1XX --------dynamic ADSL router 192.168.16.1-----192.168.16.21 outside (ASA5505 remote) inside 192.168.1.0/24



I configured the easy VPN with network extension between the central and remote sites. I can see that the VPN is up, but I'm unable to ping the LAN IPs from the server and remote client. Attaching the configs also. Split tunnel is also configured.


I cannot reach the server LAN (192.100.100.0/24) from the remote (192.168.1.0/24) and vice versa.



nomair_83 Mon, 06/30/2008 - 00:08

Hi,

Your ACL should be like this:

access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.100.100.0 255.255.255.0


And type "no vpnclient enable" on the server, and also verify sysopt connection permit-ipsec.


Just remove nat-traversal from the default crypto policy and retype it in isakmp policy 10.


Let's see if it works.

kaachary Mon, 06/30/2008 - 09:14

Can you post the output of:


sh cry ipsec sa

sh vpnclient


from the EzVPN client.
