Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA 5505 - VPN Configuration

I am trying to setup a VPN connection to allow clients to access the internal network. I have tried using the VPN wizard time & time again but client will connect but can get out to the internet & communicate with any host on the network. I have tried using a dhcp vpn pool in either the 192.x.x.x or the 10.10.1.X network but no luck.

Any comments or suggestions appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cisco ASA 5505 - VPN Configuration

whats the reason of those commands?

nat (Outside) 0 access-list policyPAT

nat (Outside) 5 10.10.1.0 255.255.255.0

if not spicific reason remove them

and put the foolowing command:

sysopt connection permit-ipsec

in global configuration mode to allow the VPN traffic to bypass interface access lists

good luck

if helpful Rate

8 REPLIES

Re: Cisco ASA 5505 - VPN Configuration

to solve ur problem u need split tunneling

with split tunneling u gonna include what should be tunnled over vpn any thing else will go t the normal client setting like defualt gateway for internet

do:

access-list Split_Tunnel_List standard permit 192.168.1.0 255.255.255.0

group-policy VPNT attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value Split_Tunnel_List

so only traffic included in ACL Split_Tunnel_List will be included in the VPN tunnel anything else as mentioned will use normal PC seeting

use the following link as a refrence:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

good luck

if helpful rate

New Member

Re: Cisco ASA 5505 - VPN Configuration

Hi Marwan,

Let me try as you said & will give you an update.

Thanks for your input!

New Member

Re: Cisco ASA 5505 - VPN Configuration

Hi Marwan,

The commands that you suggested did work work out great! When I VPN into the ASA, I am able to get out to the internet. The only other issue is that I can not ping or access any of the host on the 192.168.1.0 network. How do I go about doing this? What I want to accomplish is access some network drives on a Microsoft Windows 2003 server.

Thanks in advance.

Manny

Thanks.

New Member

Re: Cisco ASA 5505 - VPN Configuration

One other quick question, how do I increase the time the the VPN session times out? As of right now, it times out at about 10 minutes.

Thanks.

New Member

Re: Cisco ASA 5505 - VPN Configuration

Sorry, I forgot to include the latest config.

Re: Cisco ASA 5505 - VPN Configuration

whats the reason of those commands?

nat (Outside) 0 access-list policyPAT

nat (Outside) 5 10.10.1.0 255.255.255.0

if not spicific reason remove them

and put the foolowing command:

sysopt connection permit-ipsec

in global configuration mode to allow the VPN traffic to bypass interface access lists

good luck

if helpful Rate

New Member

Re: Cisco ASA 5505 - VPN Configuration

I will try it out & give you the results.

Thanks for your efforts by the way.

New Member

Re: Cisco ASA 5505 - VPN Configuration

Hi Marwan,

Your suggestions worked out great & am able to access the internet & network drives on the 192.168.1.0 network . I removed the 2 commands & inserted the sysopt connection permit-ipsec command. It worked without the sysopt command but I inserted it anyways because from my understanding it permits IPsec traffic without checking the ACL's?

Anyways thank you so much for all your help.

Manny

848
Views
5
Helpful
8
Replies