07-09-2008 03:17 AM - edited 02-21-2020 03:48 PM
I have configured VPN on the 5505 using ASDM and I'm able to connect to the 5505 and the client is also getting an IP-address from the configured pool.
The Cisco VPN client shows an error in the log: AddRoute failed to add a route: code 87
Cisco
Solved! Go to Solution.
07-10-2008 09:58 AM
You may need nat traversal turned on. Try adding crypto isakmp nat-traversal 3600
07-09-2008 09:03 AM
Can you ping 10.47.232.1 ?
Also can you paste route print from the vpn client host when vpn is connected.
07-11-2008 03:33 AM
No I can't ping anything.
And here is the route -print after connection
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c 29 48 d4 50 ...... VMware Accelerated AMD PCNet Adapter - Packet Scheduler Miniport
0x10004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.222.101 192.168.222.100 1
85.82.25.170 255.255.255.255 192.168.129.2 192.168.129.130 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.129.0 255.255.255.0 192.168.129.130 192.168.129.130 10
192.168.129.0 255.255.255.0 192.168.222.101 192.168.222.100 10
192.168.129.130 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.129.254 255.255.255.255 192.168.129.130 192.168.129.130 1
192.168.129.255 255.255.255.255 192.168.129.130 192.168.129.130 10
192.168.222.100 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.222.255 255.255.255.255 192.168.222.100 192.168.222.100 10
224.0.0.0 240.0.0.0 192.168.129.130 192.168.129.130 10
224.0.0.0 240.0.0.0 192.168.222.100 192.168.222.100 10
255.255.255.255 255.255.255.255 192.168.129.130 192.168.129.130 1
255.255.255.255 255.255.255.255 192.168.222.100 192.168.222.100 1
Default Gateway: 192.168.222.101
===========================================================================
Persistent Routes:
None
07-10-2008 09:58 AM
You may need nat traversal turned on. Try adding crypto isakmp nat-traversal 3600
07-11-2008 03:34 AM
Unfortunately it didn't help
07-11-2008 05:24 AM
Hi, it seems like it helped anyway.
I was focused on just being able to ping the ASA 5505 on the inside network 10.47.232.1 which I still can't, but everything else goes perfect.
Regards Mogens
07-11-2008 03:21 AM
Hi,
Can you add the following lines on the ASA:
access-list inside_nat0_outbound extended permit ip 192.168.222.0 255.255.255.0 10.47.232.0 255.255.255.0
group-policy tunnel_grp_logiware attributes
split-tunnel-policy tunnelall
This will make sure the split-tunneling is not affecting you routing and that NAT 0 is allowed between the inside network and VPN pool.
Please rate if this helped.
Regards,
Daniel
07-11-2008 03:36 AM
Hi,
i tried it but it didn't help.
07-11-2008 05:46 AM
I think you are missing configuration for Split tunnel . Tunnel your private networks ex 10.47.232.0/24 .
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
HTH
Saju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide