I have set up a Remote Access VPN using IPSEC on an ASA 5550. All group and user configurations are completed. A VPN session is established using Cisco Client software, but I am not able to access the internal network. Any suggestions?
Check the following:
- ACLs on the interface
- NAT rules
- routes on the internal destination, make sure it knows how to get back to the ASA, either by default GW or specific route to the VPN pool subnet (assigned IP address)
- make sure you don't use a VPN-filter
- try to assign a specific IP address to a user and test
- capture tool on the ASA is very useful to see if you are getting a response from the destination
- look for anything suspicious in the log
Address space overlaps can be cumbersome to troubleshoot, especially if you use a lot of object groups.
Also, to avoid ARP issues, try to use a subnet other than the inside assigned netblock. I've also seen duplicate IP addresses and all sorts of strange things.
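The overlap check suggested in the answer above can be scripted against a saved configuration. This is an added example, not part of the original thread: the sample configuration is constructed, and the function names `parse_config` and `find_overlaps` are hypothetical.

```python
import ipaddress
import re

# Constructed sample ASA configuration; names and addresses are illustrative.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 10.1.1.200-10.1.1.220 mask 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.1.1 255.255.255.0
object-group network SERVERS
 network-object 10.1.1.128 255.255.255.128
 network-object host 10.2.0.5
object-group network DMZ
 network-object 172.16.0.0 255.255.0.0
"""

def parse_config(text):
    """Return (pools, nets): pools maps name -> CIDR blocks covering the
    range; nets is a list of (label, network) from interfaces and groups."""
    pools, nets, stanza = {}, [], ""
    for line in text.splitlines():
        s = line.strip()
        if line and not line[0].isspace():
            stanza = s                      # new top-level stanza
        if m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", s):
            first, last = map(ipaddress.ip_address, m.group(2, 3))
            pools[m.group(1)] = list(
                ipaddress.summarize_address_range(first, last))
        elif m := re.match(r"nameif (\S+)", s):
            stanza = f"interface {m.group(1)}"
        elif m := re.match(r"ip address ([\d.]+) ([\d.]+)", s):
            nets.append((stanza, ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)))
        elif m := re.match(r"network-object host ([\d.]+)", s):
            nets.append((stanza, ipaddress.ip_network(m.group(1))))
        elif m := re.match(r"network-object ([\d.]+) ([\d.]+)", s):
            nets.append((stanza, ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)))
    return pools, nets

def find_overlaps(text):
    """List (pool, label, network) where a VPN pool overlaps a local network."""
    pools, nets = parse_config(text)
    return [(name, label, str(net))
            for name, blocks in pools.items()
            for label, net in nets
            if any(b.overlaps(net) for b in blocks)]

if __name__ == "__main__":
    for pool, label, net in find_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps {net} ({label})")
```

In the sample, the pool sits inside the inside interface's /24 and inside one object-group entry, which is the layout the answer recommends avoiding.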