07-15-2010 10:47 PM
Hi All
Recently setup ASA 5505 as Firewall and easy VPN server. Everything seems to be fine except that remote vpn users can't ping any users on the local LAN. Their Internet connection by the way is Static PPPOE and no default gateway was given by the ISP. Internet connection is fine though. Checking Routing tables after establishing VPN shows a route towards the remote vpn users. One more thing "show isakmp sa" shows no decaps occuring, only encaps.Have attached the config for reference. Any advice is really appreciated.
Thanks!
07-16-2010 09:17 AM
can you try the following
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
sysopt connection permit-vpn
can u please attach the show tech so that we can take a look at the ipsec sa
also can you see in the vpn client routing table if you see the routes, and also do you see any packet transmitted in the statistics on the vpn client
also you can check with your ISP if in case they have port 4500 blocked in 1 direction
Also as additional troubleshooting, you can run wireshark on your PC and see if you PC is getting and sending packets on 4500, and also you can apply captures on firewall outside interface and see you are recieving and sending data on port 4500
07-20-2010 06:57 PM
Hi Jathaval,
Was able to make it work. I think I may have also failed to check ICMP inspection on the policy map.Thanks for the inputs!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide