Re: Remote access VPN cant access internal server

d_unafraid · ‎03-20-2006

Hi ALL

I have configure remote access VPN on my ASA 5510

Below are my configuration

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash sha

isakmp policy 1 group 2

isakmp policy 1 lifetime 43200

isakmp enable outside

ip local pool vpnpool 192.168.4.10-192.168.4.245

username test password test

crypto ipsec transform set FirstSet esp-3des esp-md5-hmac

tunnel-group nslgroup type ipsec-ra

tunnel-group nslgroup general-attributes

address-pool vpnpool

tunnel-group nslgroup ipsec-attributes

pre-shared-key test

crypto dynamic-map dyn1 1 set transform-set nslSet

crypto dynamic-map dyn1 1 set reverse-route

crypto map mymap 1 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

After i connected successfully I look at my VPN adapter configuration under IPconfig/all and this is what i got

IP address 192.168.4.10

subnet 255.255.255.0

gateway 192.168.4.10

I have no issue connecting my cisco VPN client from outside, No problem with the user authentication as well. But i am facing a issue when I try to ping any internal servers i am not getting a respone at all.

Appreciate if u guys can help me around with this

Thank you

jmia · ‎03-21-2006

Enable NAT-T for ISAKMP, in config mode:

isakmp nat-traversal

Hope this helps let me know how you get on and please rate post if it helps.

Jay

d_unafraid · ‎03-21-2006

Hi Jay

Thank you for your reply

this is the command below i use to get it working

access-list nonat permit ip internal_network/mask ip_local_pool/mask

nat (inside) 0 access-list nonat

jmia · ‎03-21-2006

Glad to hear all is working, you didn't show all of your config on the original post so I presumed that you already had the nat 0 and acl setup!!

Anyway well done, :)

d_unafraid · ‎03-23-2006

Thank Pal!