Use of LANDESK over an ASA VPN Tunnel

Unanswered Question
Jul 27th, 2010
User Badges:


I'm having a problem connecting our LANDESK application to remote users on a VPN tunnel.

The head device is an ASA5520 (v8.2.1), while the remote users are on a tunnel created by an ASA 5505 (v7.2.4).

While the remote office users connect well to to email, fileshares, etc., the home office can't loop them up with LANDESK.

The LANDESK server could ping the users, and vice-versa, but that's about it.

I'm guessing (a big guess) that it might have something to do with the policy maps in each ASA:

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp

  inspect icmp

  inspect snmp

  inspect dcerpc


service-policy global_policy global

Although I have no idea if this is the case.

Could someone point me in the right direction?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
edadios Tue, 07/27/2010 - 15:34
User Badges:
  • Silver, 250 points or more

I suggest doing packet capture on both Landesk facing  interfaces of the firewall, and trace where the conversation stops.

Then if you find it is related to the firewall, then use packet tracer to drill further to the cause of the issue (if it is mpf related). Usingaddreses, the protocol and ports being used to simulate the traffic through packet tracer.

Hope this helps yo get further.


This Discussion

Related Content