VPN forms, I get an IP but no traffic passes... please help

bigassmonkey
Level 1

Result of the command: "show run"

: Saved

:

ASA Version 8.0(2)

!

hostname asa

domain-name

enable password names

name 192.168.1.33 VPN

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

pppoe client vpdn group BELLSOUTH

ip address pppoe setroute

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd encrypted

boot system disk0:/asa802-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name access-list Split_tunnel_list standard permit 192.168.1.0 255.255.255.0

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool INTERNAL VPN-192.168.1.37 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-602.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable 8080

http 0.0.0.0 0.0.0.0 inside

http 0.0.0.0 0.0.0.0 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn group BELLSOUTH request dialout pppoe

vpdn group BELLSOUTH localname vpdn group BELLSOUTH ppp authentication pap

vpdn username password *********

dhcpd auto_config outside

!

dhcpd address 192.168.1.2-VPN inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

webvpn

enable outside

csd image disk0:/securedesktop-asa-3.2.0.136-k9.pkg

svc image disk0:/sslclient-win-1.1.0.154.pkg 1

svc enable

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value Split_tunnel_list

webvpn

url-list none

svc keep-installer installed

svc rekey time 30

svc rekey method ssl

svc ask enable

username Monkey password ********** encrypted

username Monkey attributes

vpn-group-policy GroupPolicy1

vpn-tunnel-protocol IPSec l2tp-ipsec svc

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool INTERNAL

tunnel-group RAS type remote-access

tunnel-group RAS general-attributes

address-pool INTERNAL

default-group-policy GroupPolicy1

prompt hostname context

Cryptochecksum:xxx

: end

What am I missing? I think it's a no-NAT rule, but I don't know how to correct this problem.

Thanks in advance

1 Reply

steve_steele
Level 1

I think that the MTU on the outside interface may be part of the problem; try setting it to 1492.

I've only done this on a PIX with 6.2 or something running on it, and it's a while ago.

nat (inside) 0 access-list no-nat

access-list no-nat permit ip
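
An added example, not part of the thread and not Cisco tooling: a small Python check that scans an ASA 8.0-style running config for the two points raised in the reply above, a PPPoE-facing interface whose MTU is above 1492 and an interface doing dynamic NAT with no "nat 0" exemption ACL (or one whose ACL entry lacks a source and destination). The sample config is a constructed excerpt modelled on the posted one, and the finding names are hypothetical labels chosen for this example.

```python
import re

# Constructed excerpt modelled on the posted "show run" (ASA 8.0 syntax).
SAMPLE = """\
interface Vlan2
 nameif outside
 pppoe client vpdn group BELLSOUTH
 ip address pppoe setroute
mtu inside 1500
mtu outside 1500
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

PPPOE_MTU = 1492  # value suggested in the reply for the PPPoE-facing interface


def audit(config):
    """Return a list of (check, interface) findings for the reply's two suggestions."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    nameif, pppoe, mtu, dynamic, exempt, acl_ok = None, set(), {}, set(), {}, set()
    for ln in lines:
        tok = ln.split()
        if tok[0] == "interface":
            nameif = None                       # a new interface block starts
        elif tok[0] == "nameif" and len(tok) == 2:
            nameif = tok[1]
        elif tok[:3] == ["ip", "address", "pppoe"] and nameif:
            pppoe.add(nameif)                   # interface gets its address via PPPoE
        elif tok[0] == "mtu" and len(tok) == 3 and tok[2].isdigit():
            mtu[tok[1]] = int(tok[2])
        elif (m := re.match(r"nat \((\S+)\) (\d+) (.*)", ln)):
            if m.group(2) != "0":
                dynamic.add(m.group(1))         # traffic from here is translated
            elif m.group(3).startswith("access-list "):
                exempt[m.group(1)] = m.group(3).split()[1]
        elif (m := re.match(r"access-list (\S+) (?:extended )?permit ip (.+)", ln)):
            if len(m.group(2).split()) >= 2:    # source and destination both present
                acl_ok.add(m.group(1))
    findings = [("mtu-above-1492", i) for i in sorted(pppoe) if mtu.get(i, 1500) > PPPOE_MTU]
    for i in sorted(dynamic):
        if i not in exempt:
            findings.append(("no-nat-exemption", i))
        elif exempt[i] not in acl_ok:
            findings.append(("exemption-acl-incomplete", i))
    return findings


if __name__ == "__main__":
    for check, iface in audit(SAMPLE):
        print(f"{iface}: {check}")
```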
