New Member

[ASA] IPSec Remote VPN connect but can't do anything

Hello,

I just made a VPN on my ASA 5505 at home. I can connect to it successfully, but I can't contact anything in the network; nothing responds to ping or to anything else (including the ASA inside IP):

192.168.3.0/24 is my internal network

192.168.80.0/24 is my VPN Pool

192.168.0.0/16 is the network that passes through an L2L IPsec VPN

Here are samples of my configuration (ask me if you need anything else):

group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 vpn-filter value vpn-in
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remote-split
 default-domain value ****
tunnel-group DefaultRAGroup general-attributes
 address-pool LevRemotePool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
nat (inside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup
nat (outside,inside) source static NETWORK_OBJ_192.168.80.0_24 NETWORK_OBJ_192.168.80.0_24 destination static inside-network inside-network no-proxy-arp route-lookup
nat (outside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup
!
object network inside-network
 nat (inside,outside) dynamic interface
access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.7.0 255.255.255.0
access-list remote-split standard permit 192.168.3.0 255.255.255.0
access-list remote-split standard permit 192.168.80.0 255.255.255.0
access-list vpn-in extended permit ip object inside-network object NETWORK_OBJ_192.168.80.0_24
access-list vpn-in extended permit ip object NETWORK_OBJ_192.168.80.0_24 object inside-network
object network inside-network
 subnet 192.168.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.80.0_24
 subnet 192.168.80.0 255.255.255.0
object network NETWORK_OBJ_192.168.0.0_16
 subnet 192.168.0.0 255.255.0.0

I have been searching for many days for what the problem could be, but I can't find anything.

Can you help me?

Thank you

3 REPLIES

I suggest you have a look at the URL below:

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

There are plenty of examples that will guide you to your solution.

HTH

New Member

I took a look, but I did not find updated guides for version 8.4.

I tried many guides on the web but I always have the same problem.

New Member

Try removing:

nat (outside,inside) source static NETWORK_OBJ_192.168.80.0_24 NETWORK_OBJ_192.168.80.0_24 destination static inside-network inside-network no-proxy-arp route-lookup

nat (outside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup

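An added example, not part of the thread or any poster's code: a short Python check that reads the object and manual NAT lines from the configuration posted above and reports which network objects lie inside one another and which NAT rules cover a given address pair. It matches on addresses only (interface pairs and rule direction are not modelled), and the two host addresses are constructed samples.

```python
import ipaddress
import re

# Object and manual-NAT lines copied from the configuration posted in the thread.
CONFIG = """\
object network inside-network
 subnet 192.168.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.80.0_24
 subnet 192.168.80.0 255.255.255.0
object network NETWORK_OBJ_192.168.0.0_16
 subnet 192.168.0.0 255.255.0.0
nat (inside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup
nat (outside,inside) source static NETWORK_OBJ_192.168.80.0_24 NETWORK_OBJ_192.168.80.0_24 destination static inside-network inside-network no-proxy-arp route-lookup
nat (outside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup
"""

OBJ_RE = re.compile(r"^object network (\S+)\n\s+subnet (\S+) (\S+)$", re.M)
NAT_RE = re.compile(
    r"^nat \((\w+),(\w+)\) source static (\S+) \S+ destination static (\S+) \S+", re.M)

def parse_objects(cfg):
    """Map each 'object network' name to the subnet defined under it."""
    return {n: ipaddress.ip_network(f"{a}/{m}") for n, a, m in OBJ_RE.findall(cfg)}

def parse_twice_nat(cfg):
    """Return (real_if, mapped_if, source_obj, dest_obj) per manual NAT line, in config order."""
    return NAT_RE.findall(cfg)

def contained_objects(objs):
    """List (inner, outer) pairs where one object's subnet lies inside another's."""
    return sorted((i, o) for i, ni in objs.items() for o, no in objs.items()
                  if i != o and ni.subnet_of(no))

def rules_covering(cfg, src_ip, dst_ip):
    """1-based positions of manual NAT rules whose source/destination objects contain the pair."""
    objs = parse_objects(cfg)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return [n for n, (_, _, so, do) in enumerate(parse_twice_nat(cfg), 1)
            if s in objs[so] and d in objs[do]]

if __name__ == "__main__":
    for inner, outer in contained_objects(parse_objects(CONFIG)):
        print(f"{inner} lies inside {outer}")
    # Constructed sample hosts: 192.168.3.10 (inside network), 192.168.80.5 (VPN pool client).
    print("inside host -> pool client:", rules_covering(CONFIG, "192.168.3.10", "192.168.80.5"))
    print("pool client -> inside host:", rules_covering(CONFIG, "192.168.80.5", "192.168.3.10"))
```

The output shows that both the inside network and the VPN pool fall inside the 192.168.0.0/16 object, so the rules written for the L2L network also cover traffic addressed to VPN pool clients.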