Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN issue

Hi,

I'm facing an issue while doing easy VPN with network extension mode.

I have a setup

192.100.100.0/24 ---inside (ASA5510 Central ) outside 80.2XX.1XX.1XX --------dynamic ADSL router 192.168.16.1-----192.168.16.21 outside (ASA5505 remote) inside 192.168.1.0/24

I configured the easy VPN with network extension between the central and remote sites I can see that the VPN is up but I'm unable to ping the LAN IPs from the server and remote client attacing the configs also.Split tunnel is also configured.

I cannot reach to the server LAN(192.100.100.0/24) from the remote(192.168.1.0/24) and Vice versa

3 REPLIES
New Member

Re: Easy VPN issue

hi,

your ACL should be like this..

access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.100.100.0 255.255.255.0.

and type "no vpnclient enable" on server and also verfiy that sysopt connection permit-ipsec.

just remove nat-traversal from default crypto policy and retype it in isakmp policy 10.

Let see it works

Cisco Employee

Re: Easy VPN issue

Can you post the output of :

sh cry ipsec sa

sh vpnclient

from the EZvPN client.

156
Views
0
Helpful
3
Replies