
vpn works locally, but not remotely

Daniel Davidson
Level 1

I have our ASA 5510 set up to create a VPN for our users. When I test it locally it works fine, but when I try to use it remotely it will not work. Additionally, port 500 is open locally, but not remotely. What am I missing? I have been told that there are no firewalls in place that would affect me.

Dan

1 Accepted Solution


You say port 500 (UDP) is not open remotely.

How do you expect a client to connect if UDP 500 is not open on the client side?

Federico.


Daniel.

The ASA by default will respond and accept remote IPsec connections (if configured).

On the client side you need to make sure that there are no restrictions for UDP 500/4500 and ESP.

Is the client able to establish the tunnel? You can check this with two commands:

sh cry isa sa

sh cry ips sa

If the tunnel is established you need NAT-T to pass traffic normally.

Federico.

If the clients cannot connect to port 500, then they cannot connect to the service, so when connecting remotely, the commands you mentioned do not show a connection. When I connect locally, it does show the connection as accepted though. I am using the same laptop to connect at both locations, so I know the settings are the same.

You say port 500 (UDP) is not open remotely.

How do you expect a client to connect if UDP 500 is not open on the client side?

Federico.

By remotely, I mean that if I do an nmap -p 500 -sU, I show port 500 being open locally; when I leave and connect to another network, it does not show open there. I am not firewalling the port remotely, I am just saying I cannot see it open from there.

Dan

Could it be the ISP on the client side blocking the traffic?

Federico.