IPSEC VPN CLIENT

saroj pradhan
Level 1

Team,

 

I have configured the IPsec VPN client on the Cisco ASA 5510 firewall and it was working fine.

I have changed the outside interface IP address of the ASA. Now I am able to connect the VPN with the new IP address but unable to access the local LAN, and not able to ping the LAN IP address either. The SSL VPN client configured is working fine.

Please help.

 

Regards,

Saroj Pradhan

 

 

 

7 Replies

When connected to the VPN, have you checked the logs to see if there is anything that might indicate why the connection is being dropped?

Might help to see your full running configuration (sanitised), perhaps there is a misconfiguration somewhere.

--

Please remember to select a correct answer and rate helpful posts


Please find the running config of the ASA.

 

 

Regards,

Saroj

At first glance your config looks fine.

How are you testing the connection? If using ping what IP are you pinging?

If you are testing by trying to ping the inside interface of the ASA, you need to add the following command: management-access inside

Please check the ASA logs when you connect to the VPN and report back what the connection states.

--

Please remember to select a correct answer and rate helpful posts

 


After running the management-access inside command, I am unable to ping the inside interface IP. Also, after connecting the VPN I tried to check the log but no error was found.

 

 

regards,

Saroj

 

saroj pradhan
Level 1

I tried to ping the LAN IP address 172.16.32.5 and got RTO. But with the SSL VPN client it is working fine.

I changed the outside interface address a few days back; after that it is not working.

Can I reconfigure the PCF file to connect the IPsec VPN, or will it work after changing to the new IP address in the existing PCF file?

 

 

Regards,

 

Saroj

 

 

Is the PC connected to 172.16.32.5 a Windows PC? If so, did you disable Windows Firewall or any other software firewall installed on the PC before testing?

If you issue the command management-access inside on the ASA, are you able to ping the ASA inside interface?

You should be able to reconfigure the PCF to connect to the IPsec VPN...and you should be able to edit the existing PCF file...either way it should work. Have you tried creating a new VPN profile in the VPN client to see if that works?

Please check the logs on the ASA; it might give a hint as to what is going on. Also, you might want to do a packet capture for the VPN traffic:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html

--

Please remember to select a correct answer and rate helpful posts


Can you verify the IP the VPN client is getting? Is it within the correct subnet (172.16.47.225-254)?

Could you set the IP statically on the outside interface, not use the configured name alias, and test?

Issue a clear xlate in case there is an old NAT statement that is messing things up...keep in mind that this will cause other users to lose connection as well...

Also try disabling vpn on the outside interface and then re-enable it:

webvpn
  no enable outside
  enable outside

--

Please remember to select a correct answer and rate helpful posts
