Use of LANDESK over an ASA VPN Tunnel

joedimattio · ‎07-27-2010

Hello,

I'm having a problem connecting our LANDESK application to remote users on a VPN tunnel.

The head device is an ASA5520 (v8.2.1), while the remote users are on a tunnel created by an ASA 5505 (v7.2.4).

While the remote office users connect well to to email, fileshares, etc., the home office can't loop them up with LANDESK.

The LANDESK server could ping the users, and vice-versa, but that's about it.

I'm guessing (a big guess) that it might have something to do with the policy maps in each ASA:

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect icmp

inspect snmp

inspect dcerpc

!

service-policy global_policy global

Although I have no idea if this is the case.

Could someone point me in the right direction?

Thanks!

edadios · ‎07-27-2010

I suggest doing packet capture on both Landesk facing interfaces of the firewall, and trace where the conversation stops.

Then if you find it is related to the firewall, then use packet tracer to drill further to the cause of the issue (if it is mpf related). Usingaddreses, the protocol and ports being used to simulate the traffic through packet tracer.

Hope this helps yo get further.