11-04-2009 09:51 AM
I have a Cisco ASA5505 that I'm trying to set up VPN access to, and I'm having the hardest problem with it. The VPN tunnel connects and the logs show PHASE 1 completed. But whenever I try to make any connection to the internal LAN I get nothing.
I have tried messing with NAT and ACCESS-LIST, but I still got nothing. Any help would be appreciated.
11-04-2009 10:55 AM
11-05-2009 12:36 AM
The address pool for your vpn clients overlaps your internal network:
ip local pool vpn_pool 192.168.10.1-192.168.10.10 mask 255.255.252.0
Try changing this (and the corresponding nat0 acl) to something like 172.16.0.1-10 (or 192.168.32.1-10 or whatever, as long as it does not overlap any other network).
If you still have a problem, check the ASA logs (does it show phase 2 as complete, does it show any errors about your test traffic?), and check the counters (encrypt, decrypt) on both the client and on the ASA ("show crypto ipsec sa").
hth
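The overlap described in the reply above can be checked mechanically before a config is deployed. The following is an added example, not part of the original posts: it parses `ip local pool` and interface `ip address` lines and reports any pool range that intersects a directly connected network. Only the pool line comes from the thread; the interface addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: only the pool line is from the thread. The interface
# addresses are assumptions, since the poster's config is not on the page.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.8.1 255.255.252.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
ip local pool vpn_pool 192.168.10.1-192.168.10.10 mask 255.255.252.0
"""
POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)(?: mask \S+)?", re.M)

def interface_networks(config):
    """Map each nameif to its directly connected network."""
    nets, name = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["nameif"]:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            try:
                nets[name] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            except ValueError:
                pass  # e.g. "ip address dhcp setroute": no static network
            name = None
    return nets

def pool_overlaps(config):
    """List (pool, nameif, network) where a pool range intersects a network."""
    hits = []
    for pool, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for name, net in interface_networks(config).items():
            # Two ranges intersect when neither ends before the other starts.
            if lo <= net.broadcast_address and hi >= net.network_address:
                hits.append((pool, name, str(net)))
    return hits

def with_pool_range(config, new_range):
    """Return config with every pool range replaced (mask dropped)."""
    return POOL_RE.sub(lambda m: f"ip local pool {m.group(1)} {new_range}", config)
```

On the sample, the original pool is flagged against the assumed inside network, and the 172.16.0.1-172.16.0.10 range suggested in the reply is not.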
11-06-2009 11:17 AM