Cisco Support Community
Community Member

Cisco VPN client not working from behind ASA.

Hi,

We have two sites, R1 and R2, connected to the Internet.

A host from site R1 (user1) is connected to the ASA2 outside interface via the Cisco VPN client.

The user gets connected to the ASA2 VPN but is not able to access the remote site network. It gets an IP from the pool defined in ASA2 (but it does not receive a default gateway).

As host user1 connects to ASA2 over the VPN, the internal IP address of user1 undergoes NAT (and global) in ASA1.

So now the user machine has two IP addresses: the first is the normal LAN Ethernet IP address and the second is the one it gets from the ASA2 VPN pool.

Most likely it is due to the NAT traversal that the user1 IP undergoes while connecting to ASA2. When it was connected by direct Internet connectivity (DSL broadband cable) everything works well, as user1 gets a real public address from the ISP.

Any experience please share.

Thanks in advance.

Subodh

5 REPLIES

Re: Cisco VPN client not working from behind ASA.

Questions:

1) Are you using the same IP subnet at both sites?

2) Have you configured "split-tunneling" on the client VPN?

3) Do you have a VPN between ASA1 and ASA2?

HTH

Community Member

Re: Cisco VPN client not working from behind ASA.

Hi,

We are not using the same IP subnet on both sides.

We have configured split-tunnel on our ASA (ASA1, do we need some?). Do we need to add these remote networks in this?

Do we need to do some settings at the remote ASA (that is, ASA2) also?

We don't have site-to-site (LAN-to-LAN) connectivity between ASA1 and ASA2.

Thanks

Subodh

Re: Cisco VPN client not working from behind ASA.

Do the routing/switching devices on the ASA2 site know how to route to the VPN IP Pool address subnet?

Community Member

Re: Cisco VPN client not working from behind ASA.

Hi,

Yes, it does know, as when connected with a DSL broadband modem it gets the IP from the same pool and works fine.

I think it is something to do with IPsec with NAT traversal enabled.

Please share your experience.

Thanks

Subodh

Community Member

Re: Cisco VPN client not working from behind ASA.

Some time ago I had the same issue. Enable IPSEC NAT-T capability on the VPN server headend and everything was working fine for Cisco VPN clients behind a router / ASA.
