03-26-2009 08:40 PM
Hi all,
I've got a one person office using an ASA5505 in NEM. This ASA5505 connects to an ASA5520 at the office. My understanding is that I should be able to connect to any device on the LAN side of the ASA5505 from the LAN side of the ASA5520. I am not able to initiate a connection to any devices from the LAN side of the ASA5520 to the LAN side of the ASA5505. The LAN side of the ASA5505 is able to connect to devices on the LAN side of the 5520. However, if I have a PC on the LAN side of the ASA5505 ping my computer (on the LAN side of the ASA5520), I am able to connect. Essentially, the tunnel only seems to work one way. The logs on the ASA5520 show that it accepts pings on the LAN side but the ASA5505 doesn't receive the ping requests at all. I do have a route to the subnet of the LAN side of the ASA5505 on the default gateway on the LAN side of the 5520. What am I missing?
Thanks
Victor
03-27-2009 01:02 AM
Hi Victor,
Are you not able to initiate the tunnel from the ASA 5520, or is it that when the tunnel is established you are not able to reach the LAN side of the ASA 5505?
Regards,
Nitin
03-27-2009 07:46 AM
Hi Nitin,
Thanks for the reply.
The ASA5505 is set to Easy VPN mode so it always initiates the connection. The 5520 does not initiate the connection.
Best regards
Victor
03-27-2009 02:13 AM
show the configurations
03-27-2009 05:51 AM
I suppose that in the configurations you have something like
nat (inside) 0 a.a.a.0 255.255.255.0
You should replace it with
nat (inside) 0 access-list NO-NAT-INSIDE
access-list NO-NAT-INSIDE permit ip a.a.a.0 255.255.255.0 b.b.b.b 255.255.255.0
03-27-2009 10:20 AM
Thanks for the reply.
I have
nat (Inside) 0 access-list Inside_nat0_outbound
access-list Inside_nat0_outbound extended permit ip 192.168.230.0 255.255.255.0 object-group Internal_Networks
Object group Internal_Networks has the subnet of the LAN side of the ASA5505.
Attached are the configurations.
Thanks!
04-01-2009 03:58 PM
Problem was solved. On the remote ASA 5505 I needed the command 'vpnclient nem-st-autoconnect'
Thanks!
Victor