Remote VPN using ASA 5510 --newzion123

Unanswered Question
Apr 23rd, 2009
Hi,


I have configured Remote VPN access terminating at the ASA5510 successfully. The remote client is getting the IP assigned by the ASA, but I am not able to ping the ASA inside interface IP address and not able to ping any PCs which are in the inside network from the remote client through the tunnel.

Whereas I can ping the remote client's IP address from the ASA.

I am using des, md5 and group2.

Can anyone help me to resolve this issue?


vmoopeung Wed, 04/29/2009 - 06:22

Check whether "NAT traversal" command is enabled on the router. If NAT-T is not enabled, VPN Client users often appear to connect to the PIX or ASA without a problem, but they are unable to access the internal network behind the security appliance.


http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

srue Wed, 04/29/2009 - 06:48

You won't be able to access the inside ASA interface w/o the 'management access inside' command.

For the other pings that aren't working, try enabling icmp inspection for starters...

Are you using the command 'sysopt connection permit-vpn'?

robbie.teo Tue, 05/05/2009 - 21:50

Hi guys,

I faced this problem too.

I set it up using the IPsec VPN wizard.

Will that work?

nomair_83 Wed, 05/06/2009 - 00:11

Make sure that NAT exemption is configured, i.e. you don't need to do NAT for internal PCs when traffic is going towards the VPN users pool.



robbie.teo Wed, 05/06/2009 - 00:17

Yes. That one is exempted. Anything else I can check?

nomair_83 Wed, 05/06/2009 - 00:36

nat-traversal, sysopt connection permit vpn ???


Then make sure that your internal core switch has a route towards the VPN users pool.
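The checks suggested in the replies above, collected into a small audit of a saved running-config. This is an added example, not part of the original thread; the sample config is constructed, the interface name `inside` and ASA 8.0-style `nat (inside) 0` syntax are assumptions, and the core-switch route cannot be verified from the ASA config.

```python
import ipaddress
import re

# Constructed sample of an ASA 8.0-style running-config (not from the thread).
SAMPLE = """\
ip local pool VPNPOOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
no sysopt connection permit-vpn
policy-map global_policy
 class inspection_default
  inspect ftp
"""

def nat_exempt_covers_pool(cfg):
    """True if the ACL bound to 'nat (inside) 0' has a destination covering the VPN pool."""
    pool = re.search(r"^ip local pool \S+ (\d+\.\d+\.\d+\.\d+)", cfg, re.M)
    nat0 = re.search(r"^nat \(inside\) 0 access-list (\S+)", cfg, re.M)
    if not (pool and nat0):
        return False
    first = ipaddress.ip_address(pool.group(1))
    # Only the "network mask network mask" ACE form is handled here.
    ace = re.compile(r"^access-list %s extended permit ip \S+ \S+ ([\d.]+) ([\d.]+)$"
                     % re.escape(nat0.group(1)), re.M)
    return any(first in ipaddress.ip_network(f"{net}/{mask}", strict=False)
               for net, mask in ace.findall(cfg))

def audit(cfg):
    """Return the names of the thread's checks that the config fails."""
    has = lambda pat: re.search(pat, cfg, re.M) is not None
    checks = {
        "nat-traversal": has(r"^(crypto )?isakmp nat-traversal"),
        # permit-vpn is on by default; only the 'no' form shows in the config.
        "sysopt connection permit-vpn": not has(r"^no sysopt connection permit-vpn"),
        "management-access inside": has(r"^management-access inside"),
        "inspect icmp": has(r"^\s+inspect icmp\s*$"),
        "nat exemption for vpn pool": nat_exempt_covers_pool(cfg),
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("check:", name)
```

With `sysopt connection permit-vpn` disabled, decrypted VPN traffic must also be permitted by the interface ACLs, so that finding is a prompt to review them rather than an error in itself.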




robbie.teo Thu, 05/07/2009 - 08:50

Can the ASA 5510 support site-to-site VPN and remote VPN concurrently?

Because I got one 5510 set up with remote VPN without any issue.

But the one with about 19 site-to-site VPNs encountered a problem on the remote VPN client.
