07-05-2007 10:38 AM - edited 02-21-2020 03:08 PM
I'm stuck and really having a tough time figuring out the VPN configuration.
One of my friends was trying to help but he couldn't figure it out.
Details: He has the Cisco VPN Client and can connect to the ASA5505, I have the Windows Client (XP Home) and couldn't even connect (will try again tonight). When he connects, he said that he couldn't see any of our internal machines (Ping, etc). I have made a couple of changes today, and hope to try connecting again tonight.
The setup is just basic VPN, and the connecting machine should be able to access the entire internal office network.
I attached the latest configuration.
(Note: IP's have been changed and are bogus - to provide some mystery.)
07-05-2007 10:50 AM
1. Add "crypto isakmp nat-traversal"
2. Change your vpn client pool to it's own subnet. It should never be the same as a subnet on your inside network.
3. Change your nat exemption acl to reflect the new vpn client subnet.
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.x.0 255.255.255.0
07-05-2007 11:17 AM
First Thanks for taking a look.
I did the requested changes, but I had to remove the VPNPool from the Assigned Pools on the General Client Parameters to edit the pool. Should I move it back into the Assigned Pools?
Also I have included a new Running configuration (just so you can see the changes I made).
If it all looks ok, I will try tonight and be sure to return and follow-up on this discussion (about 5 hours from now).
07-05-2007 11:23 AM
Yes, you would have to remote the pool from the tunnel-group attributes, change the pool, then add the pool back to the group...
tunnel-group SuperParasite general-attributes
address-pool VPNPool
Also, you can execute this statement as it is no longer needed...
no access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.100.192 255.255.255.224
07-05-2007 11:31 AM
Try this link for your windows client...
07-05-2007 11:37 AM
Cool,
I have made the changes and flashed them. It looks great (even if I don't understand it all). Can't wait to try it out.
Either way, I will come back at let you know.
Thanks again
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: