I have a Cisco ASA5520 on which I have configured remote access VPN for the Cisco VPN client. The problem is that from the VPN client I am able to establish the tunnel, and the ASA also shows the tunnel is up, but I am unable to access the inside network.
I have given an access list also:
access-list nonat extended permit ip any 192.168.10.0 255.255.255.0
Re: unable to access inside network-remote access VPN
Thanks for the help. Finally got on the phone with Cisco and we got a solution:
According to Cisco, the ASA does not handle the ESP protocol and Port Address Translation well. So I had to NAT an extra public IP to a static internal address, then create two access rules: 1. open port 500 to the NAT rule and 2. allow any ESP traffic also to the NAT rule.
Essentially, IPsec communicates on the ESP protocol and port 500. Since ESP is a portless protocol, my old configuration would drop that traffic, never getting to the client. With the new configuration my VPN to the remote site works fine. BTW, the remote site had a PIX515, probably running an old IOS without NAT Traversal enabled.
-6x.1xx.2xx.1xx = free public ip
-nat(inside,outside) 6x.1xx.2xx.1xx 10.12.10.9
-access-list outside_access_in line 5 permit udp any host 6x.1xx.2xx.1xx eq 500
-access-list outside_access_in permit esp any host 6x.1xx.2xx.1xx
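The distinction drawn in the reply above (native ESP carries no ports, IKE uses UDP 500, and NAT Traversal wraps ESP in UDP), as an added example that is not part of the original thread: a Python classifier over raw IPv4 packets, useful when reading a capture taken on either side of a PAT device. UDP port 4500 and the payload markers follow RFC 3948; the function names and sample packets are constructed for illustration.

```python
import struct

PROTO_UDP, PROTO_ESP, IKE_PORT, NATT_PORT = 17, 50, 500, 4500

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by how its IPsec traffic appears to a NAT/PAT device."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_ESP:
        return "esp-native"               # SPI + sequence number only, no ports
    if proto != PROTO_UDP or len(payload) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if NATT_PORT in (sport, dport):
        if data == b"\xff":
            return "natt-keepalive"       # single 0xFF octet keeps the NAT mapping alive
        if data[:4] == b"\x00\x00\x00\x00":
            return "natt-ike"             # non-ESP marker precedes the IKE message
        return "natt-esp" if len(data) >= 8 else "malformed"
    return "ike" if IKE_PORT in (sport, dport) else "other"

def pat_can_translate(label: str) -> bool:
    """PAT multiplexes on ports, so only the UDP-carried forms can share one address."""
    return label in {"ike", "natt-ike", "natt-esp", "natt-keepalive"}

def ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed sample header: documentation addresses, checksum left at 0 (not verified).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP_BODY = struct.pack("!II", 0x1234ABCD, 1) + bytes(16)   # constructed SPI and sequence
SAMPLES = {                                                # constructed packets
    "esp-native": ipv4(PROTO_ESP, ESP_BODY),
    "ike": ipv4(PROTO_UDP, udp(500, 500, bytes(28))),
    "natt-ike": ipv4(PROTO_UDP, udp(4500, 4500, bytes(4) + b"\x11" * 28)),
    "natt-esp": ipv4(PROTO_UDP, udp(4500, 4500, ESP_BODY)),
    "natt-keepalive": ipv4(PROTO_UDP, udp(4500, 4500, b"\xff")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        label = classify(pkt)
        print(f"{name:15} -> {label:15} PAT-translatable: {pat_can_translate(label)}")
```
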