Need help with ASA/VPN remote user problem

I am being introduced to the Cisco ASA/VPN device in a trial by fire and I need some help.

Scenario: A disaster recovery site that mimics the IP range of the home network.

Clients will VPN to DR, get an IP address and continue working just like they were at the office.

A VPN tunnel with no split-tunneling should take care of this since all traffic has to go to the ASA before being routed anywhere.

The Problem: I can get connected via VPN using AD authentication (user requirement) but I get no traffic flow. ASDM monitor shows 0 bytes TX and RX for my session. I'm hoping this is something simple that I am just missing and someone can help me out.

I've included an IP scrubbed version of the config.

Thanks! Steve

hostname ciscoasa
domain-name default.domain.invalid
enable password ************* encrypted
names
interface GigabitEthernet0/0
 nameif outisde
 security-level 0
 ip address 10.20.47.6 255.255.255.0
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
interface GigabitEthernet0/3
 nameif inside
 security-level 100
 ip address 192.168.157.6 255.255.255.0
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
passwd *************** encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
access-list inside_nat0_outbound extended permit ip any 192.168.131.0 255.255.255.0
access-list outisde_cryptomap_dyn_20 extended permit ip any 192.168.131.0 255.255.255.0
access-list inbound extended permit ip any any log
access-list inbound extended permit icmp any any log
pager lines 24
logging enable
logging timestamp
logging buffer-size 1048576
logging buffered informational
mtu inside 1500
mtu outisde 1500
ip local pool AdminAccessPool 192.168.131.1-192.168.131.254 mask 255.255.255.0
no failover
icmp permit any outisde
asdm image disk0:/asdm-504.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
access-group inbound in interface outisde
route outisde 0.0.0.0 0.0.0.0 10.20.47.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server AdminAccessNT protocol nt
aaa-server AdminAccessNT host 198.76.0.26
 timeout 5
 nt-auth-domain-controller dc1
group-policy AdminAccess internal
group-policy AdminAccess attributes
 wins-server value 192.168.3.249 192.168.3.250
 dns-server value 192.168.159.9
 default-domain value foo.blah.com
 webvpn
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outisde
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outisde_dyn_map 20 match address outisde_cryptomap_dyn_20
crypto dynamic-map outisde_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outisde_map 65535 ipsec-isakmp dynamic outisde_dyn_map
crypto map outisde_map interface outisde
isakmp enable outisde
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
tunnel-group AdminAccess type ipsec-ra
tunnel-group AdminAccess general-attributes
 address-pool AdminAccessPool
 authentication-server-group AdminAccessNT
 default-group-policy AdminAccess
tunnel-group AdminAccess ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
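
As an added check that is not part of the original post: a Python script that parses the lines of the posted config which decide whether a remote-access client can pass traffic (embedded below as a constructed excerpt) and reports the standard misconfigurations behind a connected session showing 0 bytes TX/RX. The `parse`/`audit` helpers and the finding codes are my own naming, not Cisco tooling.

```python
import ipaddress
import re

# Constructed excerpt of the posted ASA config (interface name kept as posted: "outisde").
ASA_CONFIG = """\
interface GigabitEthernet0/3
 nameif inside
 ip address 192.168.157.6 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.131.0 255.255.255.0
access-list outisde_cryptomap_dyn_20 extended permit ip any 192.168.131.0 255.255.255.0
ip local pool AdminAccessPool 192.168.131.1-192.168.131.254 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto dynamic-map outisde_dyn_map 20 match address outisde_cryptomap_dyn_20
"""
QUAD = r"(\d+\.\d+\.\d+\.\d+)"  # one dotted-quad address or mask

def parse(text):
    """Extract the parts of an ASA config that decide whether remote-access client traffic can flow."""
    cfg, nameif = {"acls": {}, "ifaces": {}}, None
    for name, dst, mask in re.findall(rf"^access-list (\S+) extended permit ip \S+ {QUAD} {QUAD}", text, re.M):
        cfg["acls"].setdefault(name, []).append(ipaddress.ip_network(f"{dst}/{mask}"))
    for line in text.splitlines():  # interface subcommands are indented one space
        if m := re.match(r" nameif (\S+)", line):
            nameif = m[1]
        elif m := re.match(rf" ip address {QUAD} {QUAD}", line):
            cfg["ifaces"][nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    start, mask = re.search(rf"^ip local pool \S+ {QUAD}-{QUAD} mask {QUAD}", text, re.M).group(1, 3)
    cfg["pool"] = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    cfg["nat0"] = re.search(r"^nat \(inside\) 0 access-list (\S+)", text, re.M)[1]
    cfg["crypto_acl"] = re.search(r"^crypto dynamic-map \S+ \d+ match address (\S+)", text, re.M)[1]
    cfg["split_tunnel"] = bool(re.search(r"split-tunnel-policy (tunnel|exclude)specified", text))
    cfg["intra_interface"] = "same-security-traffic permit intra-interface" in text
    return cfg

def audit(cfg):
    """Return finding codes for common reasons a connected client shows 0 bytes TX/RX."""
    pool, findings = cfg["pool"], []
    def covered(acl):  # does the ACL's destination list contain the whole client pool?
        return any(pool.subnet_of(net) for net in cfg["acls"].get(acl, []))
    if not covered(cfg["nat0"]):
        findings.append("pool-not-nat-exempt")     # inside -> pool traffic must bypass NAT
    if not covered(cfg["crypto_acl"]):
        findings.append("pool-not-in-crypto-acl")  # dynamic crypto map never matches the client
    for name, net in cfg["ifaces"].items():
        if pool.overlaps(net):
            findings.append(f"pool-overlaps-{name}")  # pool collides with a connected network
    if not cfg["split_tunnel"] and not cfg["intra_interface"]:
        findings.append("full-tunnel-without-intra-interface")  # client traffic back out 'outside' is dropped
    return findings
```

On the posted config it reports only `full-tunnel-without-intra-interface`: with no split tunneling, anything the client sends that is not destined for inside (the Internet, for instance) must leave by the same outside interface it arrived on, which the ASA drops unless `same-security-traffic permit intra-interface` is configured. The script cannot see the inside routers, so the return route for 192.168.131.0/24 pointing at 192.168.157.6 still has to be confirmed there.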
