Vpn Problem with ASA 7.04

Unanswered Question
Jan 19th, 2006

I have a problem with VPN client access and the local IP pool. In PIX version 6.3x, when I created an ip local pool, an object was also created under Hosts/Network and there was no problem giving this object (IP pool) access outside_access_in, but in my ASA 7.04 there is no object created under Hosts/Networks. I have tried to use a filter (Filter_Av_10) under "Group-Policy" but I can't get any traffic through (see configuration below). It's only working when I give the network 10.1.1.0/25 (IP pool) access outside_access_in (in Security Policy). Is this the right way to do this?

Could someone please explain this to me.


access-list Inside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list Filter_Av_10 extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list easyv_av_butiker_splitTunnelAcl standard permit 192.0.0.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip 192.0.0.0 255.255.255.0 10.1.1.0 255.255.255.128
global (Outside) 10 interface
global (DMZ) 10 interface
nat (DMZ) 10 192.0.3.0 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 192.0.0.0 255.255.255.0
access-group Outside_access_in in interface Outside
access-group DMZ_access_in in interface DMZ
access-group Inside_access_in in interface Inside
access-group management_access_in in interface management
group-policy easyv_av_butiker internal
group-policy easyv_av_butiker attributes
 vpn-filter value Filter_Av_10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value easyv_av_butiker_splitTunnelAcl
 webvpn
username xxx password xxx encrypted privilege 15
username xxx password xxx encrypted privilege 0
username xxx attributes
 vpn-group-policy easyv_av_butiker
 webvpn
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group easyv_av_butiker type ipsec-ra
tunnel-group easyv_av_butiker general-attributes
 address-pool pool_10
 default-group-policy easyv_av_butiker
tunnel-group easyv_av_butiker ipsec-attributes
 pre-shared-key *


/Regards

pradeepde Wed, 01/25/2006 - 06:48

To define the VPN Clients' IP address pool, perform the following tasks:

  • Define the VPN Client's Local IP Address Pool
  • Reference the Local IP Address Pool to Reference IKE
  • Specify Gateway-initiated IKE Mode Configuration

The configuration given in the following URL will give an idea of how to configure the VPN client.


http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_configuration_example09186a008017ee15.shtml
