Problem with Remote Access and ping

Unanswered Question
Mar 5th, 2010

Hi, I have a strange problem  with remote access vpn to Cisco ASA5505 from Cisco VPN Client ver. 5.0.05.0290-k9.
From a few PC I haven't problem, the vpn connection and ping to LAN are ok but on ohters PC the vpn connection is ok but after connection the ping to LAN is failed !, on the same PC (where I have a problem with ping) if I use analog modem (instead of Internet KEY USB) I haven't problem with ping !
On all remote PC I have Windows XP with the latest update.
My conf is:

interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.63 255.255.255.0
!

access-list farmvpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_access_in remark rules per far uscire la lan verso internet
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.1.80 255.255.255.240
access-list farmvpn1_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
ip local pool IP_VPN 192.168.1.83-192.168.1.93 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.y.92.185 1
timeout xlate 3:00:00
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
group-policy farmvpn internal
group-policy farmvpn attributes
dns-server value 192.168.1.248 8.8.8.8
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value farmvpn_splitTunnelAcl
group-policy farmvpn1 internal
group-policy farmvpn1 attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value farmvpn1_splitTunnelAcl
username clientvpn password pGkQH5xxxUs1cWo encrypted privilege 0
username clientvpn attributes
vpn-group-policy farmvpn
username clienvpn1 password pGkQH5xxxUs1cWo encrypted privilege 0
username clienvpn1 attributes
vpn-group-policy farmvpn1
tunnel-group farmvpn type remote-access
tunnel-group farmvpn general-attributes
address-pool IP_VPN
default-group-policy farmvpn
tunnel-group farmvpn ipsec-attributes
pre-shared-key *
tunnel-group farmvpn1 type remote-access
tunnel-group farmvpn1 general-attributes
address-pool IP_VPN
default-group-policy farmvpn1
tunnel-group farmvpn1 ipsec-attributes
pre-shared-key *
!

Thanks.

-

Salvatore.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content