Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 7.2.2 - Problems VPNs Remote Access

HI,

I?m trying to configure VPNs Remote Access in a ASA 7.2.2. However, they doesn?t work, so can anybody tell me, the following topics:

What commands can I use to do thoubleshooting?. I use "debug crypto ipsec", "debug crypto sa",...but I don?t see nothing in ASA.

- The subnet used by the remote clients has to be an internal network. So, have I to route this subnet towards inside?. I have serveral internal networks, and the ASA Interface inside is in a different subnet internal.

Is there any good sample document about these topics?

Thank you very much

Best Regards

7 REPLIES
New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

This link describes how to turn your ASA into a VPN server using ASDM:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Also, you stated that nothing showed up on the debugs, that leads me to believe that the udp 500/4500 (IKE) traffic is not making it to the ASA (ISP issue) ir that you dont have isakmp and/or a crypto map applied to the outside interface.

Please let me know if this helps.

Bryan

New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

You might also check your NATing. Make sure the remote subnets are either NATed to something you route or you have a NO NAT statement that allows them to remain intact on your network.

New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

Ok, thank you very much.

I have done like it appears in the document, and the vpn works well. However, I have an important problem.

When the vpn client is connected, the ASA (it seems), that block all tcp connections between, from inside to outside.

Have you any times a similar problem?.

Thank you very much.

Best Regards.

Nuria

New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

Therre are some good documents online. I have one set up with an ASA running 7.2.1. The pool resides onthe ASA and is routed to it so the replies reture to it. Are you using the normal cisco vpn client?

Marty Barron

Looks like this

inet ->asa -->in<-- route to vpn addresses

New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

Did you turn on "logging monitored" ? Also take a look at Document ID: 70330, should solve your problem.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

post your config

New Member

Re: ASA 7.2.2 - Problems VPNs Remote Access

use command sysopt ipsec permit

that way vpn traffic will not be inspected

182
Views
0
Helpful
7
Replies