Cisco VPN client not working from behind ASA.

Unanswered Question
Dec 5th, 2008

Hi,

We have two sites, R1 and R2, connected to the Internet.

A host from site R1 (user1) is connected to the ASA2 outside interface via the Cisco VPN client.

The user gets connected to the ASA2 VPN but is not able to access the remote site network. It gets an IP from the pool defined in ASA2 (but it does not receive a default gateway).

As host user1 connects to ASA2 over the VPN, the internal IP address of user1 undergoes NAT (and global) in ASA1.

So now the user machine has two IP addresses: first the normal LAN Ethernet IP address, and second the one it gets from the ASA2 VPN pool.

Most likely it is due to the NAT traversal that the user1 IP undergoes while connecting to ASA2. When it was connected by direct Internet connectivity (DSL broadband cable) everything works well, as user1 gets a real public address from the ISP.

Please share any experience.

Thanks in advance.

Subodh

bapatsubodh Fri, 12/05/2008 - 08:17

Hi,

We are not using the same IP subnet on both sides?

We have configured split-tunnel on our ASA (ASA1, do we need some?). Do we need to add these remote networks to it?

Do we need to do some settings at the remote ASA (that is, ASA2) also?

We don't have site-to-site (LAN-to-LAN) connectivity between ASA1 and ASA2.

Thanks

Subodh

bapatsubodh Fri, 12/05/2008 - 12:05

Hi,

Yes, it does know, as when connected with the DSL broadband modem it gets the IP from the same pool and works fine.

I think it is something to do with IPsec with NAT traversal enabled.

Please share your experience.

Thanks

Subodh

mathias.mahnke Sat, 12/06/2008 - 12:19

Some time ago I had the same issue. Enable IPSEC NAT-T capability on the VPN server headend and everything was working fine for Cisco VPN clients behind a router / ASA.
