Easy VPN Client on ASA5505 to Easy VPN Server on 1800 router help?

Unanswered Question
Apr 7th, 2009


I've got an ASA5505 which I'm trying to setup as a mobile hardware vpn client for sales guys to take with them when they travel. So, they'd plug this ASA5505 into their hotel internet feed, and it would VPN back to the main site without any site specific configuration needed.

On the ASA5505 outside, it's set for DHCP, the inside of the ASA is set for 192.168.101.x.

I've tried both client and network extension mode, and in both, the VPN light comes on the ASA to show it's connected, but from any client connected to the LAN of this ASA, they can't ping resources at the head site. Internet connectivity behind this ASA works fine. Software based remote access VPN clients to the main site work fine and can ping the same resources this hardware client is trying to. Can anyone provide some documents details how to setup the IOS Easy VPN Server...as I think my client configuration is correct;

vpnclient server 2xx.x.xxx.xxx

vpnclient mode client-mode

vpnclient vpngroup WMLVPN password ********

vpnclient username remote1 password ********

vpnclient enable

Is there something I'm missing? Or something funny between an ASA and IOS? I have no problem setting up software clients, or static site to site VPN tunnels, but this is my first hardware client and I'm totally stumped. I've tried messing around with the nat exemption list on the head end, denying NAT on the traffic destined for both the actual remote LAN (192.168.101.x) and the VPN pool given address...which I think is where my problem is...

Any ideas? Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Wed, 04/08/2009 - 06:07

Can you get the "show crypto ipsec sa" from both ASA and router, and the "show crypto ipsec client ezvpn" from the asa when this happens. Also can you paste both complete configs here?

jasonhumes Wed, 04/08/2009 - 09:23

Would you perhaps have a sample config yourself...the headend router is quite a configuration with many vpn tunnels and clients...so it would be a huge pain to clean up for posting, and hard for you to follow. It might be easier if you can point me towards an example if one exists. If not, perhaps you can help me off the forums. Let me know how you can help. Thanks.


This Discussion