Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
3
Replies

Easy VPN issue

ajayvmccie
Level 1
Level 1

‎06-24-2008 11:57 PM

Hi,

I'm facing an issue while doing easy VPN with network extension mode.

I have a setup

192.100.100.0/24 ---inside (ASA5510 Central ) outside 80.2XX.1XX.1XX --------dynamic ADSL router 192.168.16.1-----192.168.16.21 outside (ASA5505 remote) inside 192.168.1.0/24

I configured the easy VPN with network extension between the central and remote sites I can see that the VPN is up but I'm unable to ping the LAN IPs from the server and remote client attacing the configs also.Split tunnel is also configured.

I cannot reach to the server LAN(192.100.100.0/24) from the remote(192.168.1.0/24) and Vice versa

Labels:
Preview file
3 KB
Preview file
4 KB
0 Helpful
3 Replies 3

nomair_83
Level 3
Level 3

‎06-30-2008 12:08 AM

hi,

your ACL should be like this..

access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.100.100.0 255.255.255.0.

and type "no vpnclient enable" on server and also verfiy that sysopt connection permit-ipsec.

just remove nat-traversal from default crypto policy and retype it in isakmp policy 10.

Let see it works

0 Helpful

kaachary
Cisco Employee
Cisco Employee

‎06-30-2008 09:14 AM

Can you post the output of :

sh cry ipsec sa

sh vpnclient

from the EZvPN client.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents