No access to private LAN via VPN using Vodafone 3G

mwilkinson · ‎04-29-2009

Hi

We've had an ASA 5520 installed which is fine for all users who are coming in over wired and wireless broadband. All of these users, once they have authenticated to the VPN, can login to the private network (10.x.x.x). All well and good.

3G users are a different matter! All of these are able to authenticate to the VPN without any problems, however, access to the private LAN is not possible. I can't even ping anything on the 10.x.x.x.

Our setup is like this

User--->Internet----->ASA 5520------>LAN

Is it because the Vodafone 3G cards get assigned a 10.4x.x.x address and therefore this is causing a conflict with the local LAN

Any help much appreciated

Miles

cmcbride · ‎05-01-2009

If the Vodafone 3G cards allocate an IP network that's the exact same as the private network they're trying to connect to through the VPN then you'll have problems. Largely because it's a basic TCP/IP routing problem for the host systems. But it should only cause problems for the exact subnet that they get allocated when they connect to the 3G network.

Alternately the problem may be due to filtering on the 3G network. Ensure Nat Traversal is enabled (this is default enabled on 8.x) as well.

crypto isakmp nat-traversal 20

iancalderbank · ‎05-15-2009

very likely yes. I'm designing/testing this exact same sort of thing for a UK client at the moment. If you can get a 3G APN that gives you a public IP, and then VPN's all "just work". There are APN's in the UK that do this, but they aren't well publicised, and you may well need to ask the 3G carrier to enable it on the SIM.

tested+working

Three UK - APN 3internet

T Mobile UK - APN vpn.t-mobile.uk

untested but researched

Vodafone UK - APN mylan

O2 UK - APN vpn.o2.co.uk

cheers,

Ian