My company recently bought a pair of new Cisco 5525-CX.
I encountered a very strange problem with the remote-access VPN setup on this device.
I can successfully log in to the VPN. However, after login, I can only access HTTPS web sites; I cannot access HTTP and I cannot do SSH.
If I use a packet sniffer on my VPN client laptop, I see that the initial TCP handshake was successful. After that, I see repeated retransmissions, as if the destination server didn't receive the request from the VPN client laptop.
I can reproduce the same problem on both sets of firewalls.
Config as below:
ASA Version 9.1(1)
ip local pool myvpn-ippool 10.10.9.65 mask 255.255.255.255
Check your vpn-filter ACL, as it is stating permit ip any any. By default, if you don't configure split-tunnel and vpn-filter, all traffic from the client goes via the tunnel. There is no need to configure vpn-filter if you don't want to restrict any traffic.
Remove this VPN Filter.
VPN Filters consist of rules that determine whether to allow or reject tunneled data packets that come through the security appliance, based on criteria such as source address, destination address, and protocol.
When a vpn-filter is applied to a group-policy/user name mode that governs Remote Access VPN Client connections, the ACL must be configured with the client assigned IP addresses in the src_ip position of the ACL and the local network in the dest_ip position of the ACL.
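The source/destination rule quoted above can be checked mechanically. The Python sketch below is an added example, not code from this thread or from Cisco: it finds the ACLs referenced by `vpn-filter` and flags entries whose source is `any` or does not overlap the `ip local pool` range. The sample configuration, ACL names and finding labels are constructed for illustration, and `object`/`object-group` references are skipped rather than resolved.

```python
import ipaddress
import re

PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator: operand count

def take_addr(tok):
    """Consume one ASA address spec and any port operator; None if unresolved."""
    head = tok.pop(0)
    if head in ("any", "any4"):
        spec = "0.0.0.0/0"
    else:  # "host A" or "A MASK"; object/object-group names end up as None
        spec = tok.pop(0) + "/32" if head == "host" else f"{head}/{tok.pop(0)}"
    if tok and tok[0] in PORT_OPS:
        del tok[: 1 + PORT_OPS[tok[0]]]
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None

def check_vpn_filters(config):
    """Flag ACEs in vpn-filter ACLs whose source is not the client address pool."""
    pools = [(int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b or a)))
             for a, b in re.findall(r"^ip local pool \S+ ([\d.]+)(?:-([\d.]+))?", config, re.M)]
    def touches(net):  # does the network contain any pool address?
        return any(int(net[0]) <= hi and int(net[-1]) >= lo for lo, hi in pools)
    filters = set(re.findall(r"^\s*vpn-filter value (\S+)", config, re.M))
    findings = []
    ace = r"^access-list (\S+) extended (?:permit|deny) \S+ (.+)$"  # one-token protocol assumed
    for name, rest in re.findall(ace, config, re.M):
        tok = rest.split()
        src = take_addr(tok) if name in filters else None
        dst = take_addr(tok) if src is not None and tok else None
        if src is not None and src.prefixlen == 0:
            findings.append((name, "src-any"))
        elif src is not None and not touches(src):
            flipped = dst is not None and dst.prefixlen > 0 and touches(dst)
            findings.append((name, "reversed" if flipped else "src-not-pool"))
    return findings

SAMPLE = """\
ip local pool demo-pool 10.10.9.65-10.10.9.94 mask 255.255.255.224
access-list GOOD extended permit tcp 10.10.9.64 255.255.255.224 192.168.1.0 255.255.255.0 eq 22
access-list BAD extended permit ip any any
access-list BAD extended permit tcp 192.168.1.0 255.255.255.0 10.10.9.64 255.255.255.224 eq 80
group-policy gp-a attributes
 vpn-filter value GOOD
group-policy gp-b attributes
 vpn-filter value BAD
"""  # constructed sample configuration, not the poster's config
```

`check_vpn_filters(SAMPLE)` reports both `BAD` entries and nothing for `GOOD`; ACLs that no `vpn-filter` references are ignored.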
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: