Cisco Support Community
New Member

VPN Auth fine, but no LAN access

I used the wizard to set up my VPN. I'm sorry I'm not a Cisco guru by any means.

My current situation is that I can VPN in fine, and ping my inside/internal LAN interface, but I can not ping past it. I can't pass anything past it whatsoever.

I also noticed that I didn't receive a default gateway from my DHCP address on the client's Cisco VPN adapter. I manually added it though, and can fix that issue myself later.

The "VPNUser" group, and user "longdrive" is how I'm authenticating. Please, any assistance is greatly appreciated. I'm not a NAT or ACL fan. I'm a Windows admin :)

Config attached.

v/r

Jim

15 REPLIES
New Member

Re: VPN Auth fine, but no LAN access

Had to pull the original attachment, private info.

Re: VPN Auth fine, but no LAN access

Add the management-access inside statement to your config.

Rgds

Jorge

New Member

Re: VPN Auth fine, but no LAN access

That's it?

I failed to mention that I could use the ASDM tool, if that mattered whatsoever.

I'll add that statement when I get in tomorrow and get back to you.

Thanks!

Re: VPN Auth fine, but no LAN access

That should resolve your problem for LAN access through the VPN session. Try that and post results.

Gold

Re: VPN Auth fine, but no LAN access

'management-access inside' isn't for LAN access. That's for accessing the inside interface of the PIX/ASA over a VPN connection, nothing else.

He is probably better off trying 'sysopt connection permit-ipsec' or 'sysopt connection permit-vpn', depending on OS version.

....

And it looks like he already has the command 'management-access Internal'... that's why he's able to ping/ASDM to the inside interface over the VPN.

New Member

Re: VPN Auth fine, but no LAN access

I just got to the office.

I added the "sysopt connection permit-ipsec" command and it took it successfully.

Testing VPN now.

New Member

Re: VPN Auth fine, but no LAN access

I've managed to get networks pingable, but things like HTTP, DNS, mstsc will not work.

Suggestions?

Gold

Re: VPN Auth fine, but no LAN access

Make sure whatever hosts you're trying to connect to over the VPN are allowed over the VPN. If you can ping them over the VPN, they are probably allowed.

Do you have any ACLs on the inside/Internal interface? Make sure you're connecting to the right address in the VPN; whether you specified an external or internal IP, it should be the same that you are trying to connect to.

New Member

Re: VPN Auth fine, but no LAN access

The only ACL is one I put on that is all services, permit any any.

I'm starting to go nuts. I can't ping anymore other than the inside interface, nothing really seems to be working except the following:

-VMware VI client console to a host I can't ping

-ASDM

I'm getting very confused :)

New config attached.

New Member

Re: VPN Auth fine, but no LAN access

I lied. Now it's attached.

Gold

Re: VPN Auth fine, but no LAN access

Re-add the command sysopt connection permit-ipsec.

Take out the split tunneling from your group policy; it looks like you don't want to do split tunneling anyway, based on your tunnel ACL.

Are you actually using the crypto map applied to the inside interface?

New Member

Re: VPN Auth fine, but no LAN access

My whole goal here is to get this VPN set up so I can build the rest of the network/servers remotely (VMware ESX server, and MS Terminal Services). I'm not horribly concerned with the security yet, hence the wide open ACL.

I'm actually back out of the office now and was just trying to tweak the VPN from my home. Needless to say I just broke it and I'll have to go back into the office to make it half work again. I'll add/remove those commands as soon as I can and repost the results.

Thanks again.

New Member

Re: VPN Auth fine, but no LAN access

Sorry about the delay here.

I've got back to the point of establishing a tunnel fine, using ASDM, web access to my inside interface, and pinging my inside interface... NO traffic past the inside still.

I've added the sysopt connection permit-ipsec command, but it doesn't seem to show up in my show run.

Attached is the newest config.

I'm not going to touch it whatsoever without guidance now, no more guesswork for me.

Thanks,

Jim

New Member

Re: VPN Auth fine, but no LAN access

Forgot the attachment... again.

New Member

Re: VPN Auth fine, but no LAN access

So I wiped the entire device today, and here is the new config.

CAN:

-Authenticate

-Ping 2x ESX Hosts consistently.

-Ping VM machines on the ESX hosts 1 time, then the rest time out (may be an ESX issue somehow, but I don't see it internally)

-Open ASDM web console

-Open ESX web console

CAN'T:

-Ping VM machines more than once

-Resolve DNS

-Use Terminal Services

-Pretty much everything

I would love assistance if anyone is still reading this thread at all. The config is brand new and should be pretty easy to weed through.
