Not able to connect ASA Itself through remote ipsec vpn

chetansharma2
Level 1

Hi,

I have configured the Remote IPsec VPN on my firewall, an ASA 5510. I have configured the standard ACL for accessing the internet network. I am able to connect the VPN and able to access the LAN devices as well, but when I tried to connect to the firewall itself on its public IP, it's not working.

Any suggestions, please?

5 Replies

Richard Burts
Hall of Fame

We could answer your question better if we knew more about how you have configured your ASA and how you are attempting to access it. In particular it would help if we knew what is the addressing in your VPN address pool, how you are attempting to access the ASA (is it telnet, SSH, ASDM), and what addresses and source interfaces you have specified as able to access the ASA.

 

HTH

Rick

Hi,

Running IOS: Cisco Adaptive Security Appliance Software Version 8.2(5)

In normal operation I am able to SSH to the inside interface through the LAN, and earlier I was also able to access the firewall on the outside interface through the VPN.

I have configured one subnet, 10.101.101.0 255.255.255.224, for the VPN, and am trying to do SSH. Earlier it was working fine, but now it's not working. SSH is enabled on the outside interface for this subnet.

ip local pool pool**** 10.101.101.1-10.101.101.30 mask 255.255.255.224

tunnel-group noc-****** general-attributes
 address-pool pool*****
 default-group-policy ra-*******

group-policy ra-***** attributes
 wins-server none
 dns-server value ************
 vpn-simultaneous-logins 10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ra-********
 default-domain value vertex.co.in

ssh 10.101.101.0 255.255.255.224 outside

! Even added ACL for the public IP of the ASA
access-list ra-******* standard permit host *******************
access-list ra-******* standard permit host ******************

*************

Note: When I am trying to SSH to the firewall's outside interface IP, I am getting a log that the ACL denied it.

The log which is generated is not from the IP which I got through the VPN; it's from the public IP of my data card.

From the symptoms that you describe I am guessing that the issue has to do with the configuration for split tunneling for AnyConnect. Were any changes made in that part of the config of the ASA? Can you provide the details of how split tunneling is currently configured?

 

HTH

Rick

Thanks for the support.

The issue got resolved. Now I am able to connect to it automatically.

It is good to know that the issue is resolved. Can you share with us what the problem was and what you did to resolve it?

 

HTH

Rick