vpn works locally, but not remotely

Answered Question
Jun 25th, 2010

I have our ASA 5510 set up to create a VPN for our users. When I test it locally it works fine, but when I try to use it remotely it will not work. Additionally, port 500 is open locally, but not remotely. What am I missing? I have been told that there are no firewalls in place that would affect me.

Dan

Federico Coto F... Fri, 06/25/2010 - 11:08

Daniel.

The ASA will respond to and accept remote IPsec connections (if configured).

On the client side you need to make sure that there are no restrictions for UDP 500/4500 and ESP.

Is the client able to establish the tunnel? You can check this with two commands:

sh cry isa sa

sh cry ips sa

If the tunnel is established you need NAT-T to pass traffic normally.

Federico.
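Added example, not part of the thread or of any Cisco tool: a small probe that sends the same kind of packet nmap uses for 500/udp (an IKEv1 Main Mode message 1 with one SA proposal) and classifies what comes back. This matters for the "port 500 is open locally but not remotely" observation above: nmap's UDP scan only reports a port as open when something answers, and reports silence as open|filtered, so a path that drops UDP/500 and an ASA that is not listening for ISAKMP on the interface you are hitting look identical from the outside. The transform values (3DES/SHA1/PSK/DH group 2) are assumptions chosen because most IKEv1 responders will at least answer them; the function names are mine.

```python
import os
import socket
import struct

# ISAKMP header (RFC 2408 s.3.1): initiator cookie, responder cookie, next payload,
# version, exchange type, flags, message ID, total length. 28 bytes, network order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
MAIN_MODE, INFORMATIONAL = 2, 5
PAYLOAD_SA = 1


def build_ike_probe(icookie=None):
    """IKEv1 Main Mode message 1: header + SA payload with one 3DES/SHA1/PSK/DH-2 transform.

    A listening IKE responder answers this; a filtered port or an interface with
    ISAKMP disabled stays silent. The proposal contents are an assumption, not a
    recommendation for a production policy.
    """
    icookie = icookie or os.urandom(8)
    # Basic (16-bit) attributes: high bit set on the type, value in the next 2 bytes.
    attrs = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in (
        (1, 5),        # ENCRYPTION_ALGORITHM  = 3DES-CBC
        (2, 2),        # HASH_ALGORITHM        = SHA1
        (3, 1),        # AUTHENTICATION_METHOD = pre-shared key
        (4, 2),        # GROUP_DESCRIPTION     = MODP-1024 (DH group 2)
        (11, 1),       # LIFE_TYPE             = seconds
        (12, 28800),   # LIFE_DURATION         = 8 hours
    ))
    # Transform: next=0, reserved, length, transform#=1, transform-id=1 (KEY_IKE), reserved
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # Proposal: next=0, reserved, length, proposal#=1, protocol=1 (ISAKMP), SPI size=0, 1 transform
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA payload: next=0, reserved, length, DOI=1 (IPsec), situation=1 (identity only)
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    hdr = ISAKMP_HDR.pack(icookie, b"\0" * 8, PAYLOAD_SA, 0x10, MAIN_MODE, 0, 0,
                          ISAKMP_HDR.size + len(sa))
    return hdr + sa


def parse_isakmp_header(data):
    """Decode the fixed ISAKMP header; raise ValueError on anything that is not IKEv1."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError(f"only {len(data)} bytes, header needs {ISAKMP_HDR.size}")
    ic, rc, nxt, ver, xchg, flags, msgid, length = ISAKMP_HDR.unpack_from(data)
    if ver >> 4 != 1:
        raise ValueError(f"ISAKMP major version {ver >> 4}, expected 1")
    return {"initiator_cookie": ic, "responder_cookie": rc, "next_payload": nxt,
            "exchange_type": xchg, "flags": flags, "message_id": msgid, "length": length}


def classify_reply(data):
    """Turn the raw reply (or None on timeout) into the conclusion a troubleshooter wants."""
    if data is None:
        return "no reply: UDP/500 is filtered on the path, or the peer is not listening for ISAKMP on that interface"
    try:
        h = parse_isakmp_header(data)
    except ValueError as e:
        return f"malformed reply: {e}"
    if h["exchange_type"] == INFORMATIONAL:
        # Peer is reachable; it typically sends NO-PROPOSAL-CHOSEN when our transform is not acceptable.
        return "informational: peer reachable on UDP/500 but rejected the proposal"
    if (h["exchange_type"] == MAIN_MODE and h["responder_cookie"] != b"\0" * 8
            and h["next_payload"] == PAYLOAD_SA):
        return "responder accepted a Main Mode proposal (UDP/500 open end to end)"
    return f"peer reachable: unexpected exchange type {h['exchange_type']}"


def probe(host, port=500, timeout=3.0):
    """Send one IKE probe and classify the answer. Only aim this at a VPN head-end you own."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ike_probe(), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify_reply(data)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 500))
```

Run it once from the LAN and once from the remote network against the ASA's outside address, for port 500 and again for 4500 (NAT-T). "responder accepted" inside and "no reply" outside localises the problem to the path between the remote client and the outside interface, or to the outside interface not being configured for ISAKMP at all, rather than to the client's settings.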

Daniel Davidson Fri, 06/25/2010 - 11:21

If the clients cannot connect to port 500, then they cannot connect to the service, so when connecting remotely, the commands you mentioned do not show a connection. When I connect locally, it does show the connection as accepted though. I am using the same laptop to connect at both locations, so I know the settings are the same.

Correct Answer
Federico Coto F... Fri, 06/25/2010 - 13:32

You say port 500 (UDP) is not open remotely.

How do you expect for a client to connect if UDP 500 is not open on the client side?

Federico.

Daniel Davidson Fri, 06/25/2010 - 13:57

By remotely, I mean that if I do an nmap -p 500 -sU, I see port 500 as open locally; when I leave and connect to another network, it does not show as open from there. I am not firewalling the port remotely, I am just saying I cannot see it open from there.

Dan
