06-24-2008 11:57 PM
Hi,
I'm facing an issue while doing easy VPN with network extension mode.
I have a setup
192.100.100.0/24 ---inside (ASA5510 Central ) outside 80.2XX.1XX.1XX --------dynamic ADSL router 192.168.16.1-----192.168.16.21 outside (ASA5505 remote) inside 192.168.1.0/24
I configured the easy VPN with network extension between the central and remote sites I can see that the VPN is up but I'm unable to ping the LAN IPs from the server and remote client attacing the configs also.Split tunnel is also configured.
I cannot reach to the server LAN(192.100.100.0/24) from the remote(192.168.1.0/24) and Vice versa
06-25-2008 01:28 PM
06-30-2008 12:08 AM
hi,
your ACL should be like this..
access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.100.100.0 255.255.255.0.
and type "no vpnclient enable" on server and also verfiy that sysopt connection permit-ipsec.
just remove nat-traversal from default crypto policy and retype it in isakmp policy 10.
Let see it works
06-30-2008 09:14 AM
Can you post the output of :
sh cry ipsec sa
sh vpnclient
from the EZvPN client.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: