02-14-2013 11:28 AM
I have one user who is unable to access remote network resources when connected to the VPN on his home network. VPN shows connected and he is given a remote IP from the VPN pool, but he cannot ping any IP on our network. When connected using a Sprint Wi-Fi card he is able to connect and access the remote network from the same laptop. Maybe there is some network overlap that I am missing.
Please see attached firewall config (zzz... being firewall public IP) and remote user route table.
ASA 5505
VPN Client 5.0.07.0290
Your help is much appreciated.
02-15-2013 10:51 AM
Is the user route table printed out while connecting from Sprint or your network? I would also start by comparing the user route table in both connection modes.
02-15-2013 10:56 AM
I believe the issue is with the ISP. We are leveraging IPsec on the VPN and it appears port 500 is being blocked on his end. VPN Statistics are showing he is sending but not receiving. We were told by his ISP to switch to a commercial internet account to resolve.
02-15-2013 11:05 AM
Based on your first post, the tunnel comes up. That tells me UDP port 500 is not blocked.
02-15-2013 11:17 AM
Is everything correct with routing from your internal network back to the VPN address-pool subnet?
02-15-2013 12:28 PM
Yes, I believe the routing is correct; VPN Statistics are showing Secured Routes to our two internal networks (172.20.0.0 and 172.30.0.0). Tunnel Details shows bytes received but none sent. I don't believe there is any network overlap either; the user is given a 74.195.255.0/24 address and we assign a 172.29.151.0/24 address from the VPN pool.
I ran across this document, https://supportforums.cisco.com/docs/DOC-10272; when I tested, it failed on port 500.
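One way to do the route-table comparison suggested earlier in the thread and the overlap check the original poster is wondering about, as an added example that is not code from anyone in this thread: it parses a constructed Windows `route print` style table (the real attachment is not reproduced here) and flags local On-link prefixes that overlap the VPN pool or a secured route, plus secured routes that never appeared on the VPN adapter. The /16 masks on 172.20.0.0 and 172.30.0.0, the home LAN prefix and the gateway and interface addresses are assumptions.

```python
import ipaddress
import re
# Constructed sample of a Windows "route print" IPv4 table for the remote
# client (not the attachment from the thread). Home LAN prefix, the /16 masks
# on the two internal networks and the VPN gateway address are assumptions.
CLIENT_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     74.195.255.1   74.195.255.37     25
     74.195.255.0    255.255.255.0          On-link   74.195.255.37    281
       172.20.0.0      255.255.0.0     172.29.151.1   172.29.151.10    100
       172.30.0.0      255.255.0.0     172.29.151.1   172.29.151.10    100
"""
# Constructed variant: the home LAN uses 172.20.1.0/24, so the more specific
# directly connected route wins over the secured route for 172.20.0.0/16.
LAN_OVERLAP_ROUTES = """\
       172.20.1.0    255.255.255.0          On-link     172.20.1.37    281
       172.20.0.0      255.255.0.0     172.29.151.1   172.29.151.10    100
       172.30.0.0      255.255.0.0     172.29.151.1   172.29.151.10    100
"""
VPN_POOL = ipaddress.ip_network("172.29.151.0/24")
SECURED = [ipaddress.ip_network("172.20.0.0/16"), ipaddress.ip_network("172.30.0.0/16")]

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROUTE_RE = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+\d+\s*$")

def parse_routes(text):
    """Return (network, gateway, interface_ip) for each data row; headers are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            dest, mask, gw, iface = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, ipaddress.ip_address(iface)))
    return routes

def check_client_routes(routes, vpn_pool, secured):
    """Two client-side causes of 'tunnel up, nothing reachable':
    overlaps - an On-link prefix overlapping the pool or a secured route, so the
               local LAN answers for those addresses instead of the tunnel;
    missing  - a secured route with no entry whose interface address is in the
               pool, i.e. the client never installed it on the VPN adapter."""
    on_link = [net for net, gw, _ in routes if gw == "On-link"]
    tunnel_nets = [net for net, _, iface in routes if iface in vpn_pool]
    overlaps = [(str(lan), str(n)) for lan in on_link
                for n in [vpn_pool, *secured] if lan.overlaps(n)]
    missing = [str(s) for s in secured
               if not any(s.subnet_of(t) for t in tunnel_nets)]
    return {"overlaps": overlaps, "missing": missing}

if __name__ == "__main__":
    print(check_client_routes(parse_routes(LAN_OVERLAP_ROUTES), VPN_POOL, SECURED))
```

Run it against a table captured while on Sprint and one captured on the home network; the first table above corresponds to the clean case (no overlap, both secured routes installed), the second to a home LAN that shadows one internal network.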