Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Use of LANDESK over an ASA VPN Tunnel


I'm having a problem connecting our LANDESK application to remote users on a VPN tunnel.

The head device is an ASA5520 (v8.2.1), while the remote users are on a tunnel created by an ASA 5505 (v7.2.4).

While the remote office users connect well to to email, fileshares, etc., the home office can't loop them up with LANDESK.

The LANDESK server could ping the users, and vice-versa, but that's about it.

I'm guessing (a big guess) that it might have something to do with the policy maps in each ASA:

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp

  inspect icmp

  inspect snmp

  inspect dcerpc


service-policy global_policy global

Although I have no idea if this is the case.

Could someone point me in the right direction?


Everyone's tags (2)
Cisco Employee

Re: Use of LANDESK over an ASA VPN Tunnel

I suggest doing packet capture on both Landesk facing  interfaces of the firewall, and trace where the conversation stops.

Then if you find it is related to the firewall, then use packet tracer to drill further to the cause of the issue (if it is mpf related). Usingaddreses, the protocol and ports being used to simulate the traffic through packet tracer.

Hope this helps yo get further.

CreatePlease to create content