07-02-2014 03:59 AM - edited 03-11-2019 09:24 PM
Team,
i have configured IPSEC VPN Client on the Cisco ASA 5510 firewall and it was working fine.
i have changed the Outside interface IP Address of the ASA . Now able to connect the VPN with new IP Address but unable to access the Local LAN .Neither able to ping the LAN IP Address. The SSL VPN Client configured is working fine.
please help.
Regards,
Saroj Pradhan
07-02-2014 05:02 AM
When connected to the VPN, have you checked the logs to see if there is anything that might indicate why the connection is being dropped.
Might help to see your full running configuration (sanitised), perhaps there is a misconfiguration somewhere.
--
Please remember to select a correct answer and rate helpful posts
07-02-2014 05:06 AM
07-02-2014 05:38 AM
At first glance your config looks fine.
How are you testing the connection? If using ping what IP are you pinging?
If you are testing by trying to ping the inside interface of the ASA you need to add the following command management-access inside
Please check the ASA logs when you connect to the VPN and report back what the connection states.
--
Please remember to select a correct answer and rate helpful posts
07-02-2014 06:21 AM
After running the management-access inside command unable to ping the inside interface IP. Also after connect the vpn i tried to check the log but no error found.
regards,
Saroj
07-02-2014 05:44 AM
i try to ping the LAN IP Address 172.16.32.5 and Got RTO. But in ssl vpn Client its working fine.
i have changed the Outside interface Address few days back after that its not working.
Can i reconfigure the PCF file to connect the ipsec vpn or it will work after change the new ip address in the existing pcf file.
Regards,
Saroj
07-02-2014 06:01 AM
is the PC connected to 172.16.32.5 a windows PC? If so did you disbale windows firewall or any other software firewall installed on the PC before testing?
if you issue the command management-access inside on the ASA, are you able to ping the ASA inside interface.
You should be able to reconfigure the PCF to connect to the IPsec VPN...and you should be able to edit the existing PCF file...either way it should work. Have you tried creating a new VPN profile in the VPN client and see if that works?
please check the logs on the ASA, it might give a hint as to what is going on. Also you might want to do a packet capture for the VPN traffic:
--
Please remember to select a correct answer and rate helpful posts
07-02-2014 06:59 AM
Can you verify the IP the VPN client is getting. Is it within the correct subnet? ( 172.16.47.225-254)
Could you set the IP staticly on the outside interface and not use the configured name alias and test.
issue a clear xlate in case there is an old nat statement that is messing things up...keep in mind that this will cause other users to lose connection as well...
Also try disabling vpn on the outside interface and then re-enable it:
webvpn
no enable outside
enable outside
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide