Cisco Support Community
Community Member

VPN Configuration on ASA 5505 - Please Help

I'm stuck and really having a tough time figuring out the VPN configuration.

One of my friends was trying to help but he couldn't figure it out.

Details: He has the Cisco VPN Client and can connect to the ASA5505, I have the Windows Client (XP Home) and couldn't even connect (will try again tonight). When he connects, he said that he couldn't see any of our internal machines (Ping, etc). I have made a couple of changes today, and hope to try connecting again tonight.

The setup is just basic VPN, and the connecting machine should be able to access the entire internal office network.

I attached the latest configuration.

(Note: IPs have been changed and are bogus - to provide some mystery.)

5 REPLIES
Green

Re: VPN Configuration on ASA 5505 - Please Help

1. Add "crypto isakmp nat-traversal"

2. Change your vpn client pool to its own subnet. It should never be the same as a subnet on your inside network.

3. Change your nat exemption acl to reflect the new vpn client subnet.

access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.x.0 255.255.255.0

Community Member

Re: VPN Configuration on ASA 5505 - Please Help

First, thanks for taking a look.

I did the requested changes, but I had to remove the VPNPool from the Assigned Pools on the General Client Parameters to edit the pool. Should I move it back into the Assigned Pools?

Also I have included a new Running configuration (just so you can see the changes I made).

If it all looks ok, I will try tonight and be sure to return and follow-up on this discussion (about 5 hours from now).

Green

Re: VPN Configuration on ASA 5505 - Please Help

Yes, you would have to remove the pool from the tunnel-group attributes, change the pool, then add the pool back to the group...

tunnel-group SuperParasite general-attributes

address-pool VPNPool

Also, you can execute this statement as it is no longer needed...

no access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.100.192 255.255.255.224
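
A quick check for the two points raised in the replies above (the client pool on its own subnet, and the NAT exemption ACL matching that pool), as an added example that is not part of the original thread. The configs are constructed samples, 192.168.50.0/24 is an assumed stand-in for the elided 192.168.x.0, and `audit` and `net` are hypothetical helpers.

```python
import ipaddress
import re

# Constructed sample configs (not the poster's attachment). Names and the
# 192.168.100.0/24 inside network follow the thread; 192.168.50.0/24 is an
# assumed stand-in for the elided "192.168.x.0" pool subnet.
INSIDE = "interface Vlan1\n nameif inside\n ip address 192.168.100.1 255.255.255.0\n"
BEFORE = INSIDE + (
    "ip local pool VPNPool 192.168.100.193-192.168.100.222 mask 255.255.255.0\n"
    "access-list inside_nat0_outbound extended permit ip "
    "192.168.100.0 255.255.255.0 192.168.100.192 255.255.255.224\n")
AFTER = INSIDE + (
    "ip local pool VPNPool 192.168.50.1-192.168.50.254 mask 255.255.255.0\n"
    "access-list inside_nat0_outbound extended permit ip "
    "192.168.100.0 255.255.255.0 192.168.50.0 255.255.255.0\n")

IP = r"(\d+\.\d+\.\d+\.\d+)"

def net(addr, mask):
    """Build a network from an address and dotted netmask, ignoring host bits."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, acl="inside_nat0_outbound"):
    """Flag pools that overlap an interface subnet or lack a NAT-exemption entry."""
    findings = []
    ifnets = [net(a, m) for a, m in
              re.findall(rf"^\s*ip address {IP} {IP}", config, re.M)]
    # Destination network of each permit entry in the NAT-exemption ACL.
    dests = [net(a, m) for _, _, a, m in re.findall(
        rf"^access-list {re.escape(acl)} extended permit ip {IP} {IP} {IP} {IP}",
        config, re.M)]
    for name, lo, hi in re.findall(rf"^ip local pool (\S+) {IP}-{IP}", config, re.M):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        for n in ifnets:
            # Range overlap test: the pool touches any address in the subnet.
            if lo <= n.broadcast_address and hi >= n.network_address:
                findings.append(f"pool {name} overlaps interface subnet {n}")
        if not any(lo in d and hi in d for d in dests):
            findings.append(f"pool {name} is not covered by {acl}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "ok")
```
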

Green

Re: VPN Configuration on ASA 5505 - Please Help

Community Member

Re: VPN Configuration on ASA 5505 - Please Help

Cool,

I have made the changes and flashed them. It looks great (even if I don't understand it all). Can't wait to try it out.

Either way, I will come back and let you know.

Thanks again
