Cisco Support Community
New Member

Unable to reach internal Networks

Hi,

I have configured a remote access VPN on a PIX 525 with 7.2(4) code. After getting connected (with an IP address assigned from the pool), I am not able to reach any of the internal networks.

My topology is like this

Internet ---> Firewall ---> LAN (L3 Switch with default route pointing towards Firewall inside interface) and firewall has reachability to all internal networks.

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 10 set transform-set myset
crypto map ravpn 10 ipsec-isakmp dynamic dmap
crypto map ravpn interface outside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_list
tunnel-group DefaultRAGroup general-attributes
 address-pool ravpn
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
nat (inside) 0 access-list ravpn
ip local pool ravpn 10.1.1.10-10.1.1.100 mask 255.255.255.0
access-list ravpn extended permit ip 172.16.0.0 255.240.0.0 10.1.1.0 255.255.255.0
access-list split_tunnel_list standard permit 172.16.0.0 255.240.0.0

Please correct me if I am making any mistake.

Thanks,

Ravi

3 REPLIES
Cisco Employee

Does the internal network know how to reach the VPN Client pool subnet (10.1.1.0/24), i.e., via the ASA inside interface?
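The two things worth verifying here are the ones the original post and the reply above touch on: that the nat 0 exemption ACL really covers the whole client pool and matches the split-tunnel list, and that the LAN side has a route for the pool subnet back to the firewall's inside interface. The script below is an added example written for this thread, not code from the original post or from Cisco. It parses the handful of PIX 7.2(4) lines that matter (address pool, nat 0, the two access-lists, the split-tunnel reference), checks pool coverage, NAT exemption of the split-tunnel networks and pool/LAN overlap (the overlap check goes beyond what the thread discusses but is the same class of mistake), and prints the route the internal L3 switch needs. The regexes, the `<firewall-inside-ip>` placeholder (the inside address is not in the post) and the reduced sample config are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: the lines of the posted PIX 7.2(4) configuration
# that the checks below need (pool, NAT exemption, split tunnel, group policy).
SAMPLE_CONFIG = """\
nat (inside) 0 access-list ravpn
ip local pool ravpn 10.1.1.10-10.1.1.100 mask 255.255.255.0
access-list ravpn extended permit ip 172.16.0.0 255.240.0.0 10.1.1.0 255.255.255.0
access-list split_tunnel_list standard permit 172.16.0.0 255.240.0.0
group-policy DefaultRAGroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_list
tunnel-group DefaultRAGroup general-attributes
 address-pool ravpn
"""


def net(addr, mask):
    """Build a network from a dotted address and a dotted (non-wildcard) mask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_config(text):
    """Extract pools, nat 0 exemptions, ACL entries and the RA references from CLI text."""
    cfg = {"pools": {}, "nat0": {}, "acls": {}, "split_list": None, "address_pool": None}
    patterns = [  # assumed line shapes, anchored at start and end of the stripped line
        ("pool", re.compile(r"ip local pool (\S+) (\S+)-(\S+) mask (\S+)$")),
        ("nat0", re.compile(r"nat \((\S+)\) 0 access-list (\S+)$")),
        ("ext", re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")),
        ("std", re.compile(r"access-list (\S+) standard permit (\S+) (\S+)$")),
        ("split", re.compile(r"split-tunnel-network-list value (\S+)$")),
        ("apool", re.compile(r"address-pool (\S+)$")),
    ]
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pat in patterns:
            m = pat.match(line)
            if not m:
                continue
            g = m.groups()
            if kind == "pool":
                cfg["pools"][g[0]] = (ipaddress.ip_address(g[1]),
                                      ipaddress.ip_address(g[2]), net(g[1], g[3]))
            elif kind == "nat0":
                cfg["nat0"][g[0]] = g[1]
            elif kind == "ext":
                cfg["acls"].setdefault(g[0], []).append((net(g[1], g[2]), net(g[3], g[4])))
            elif kind == "std":
                cfg["acls"].setdefault(g[0], []).append((net(g[1], g[2]), None))
            elif kind == "split":
                cfg["split_list"] = g[0]
            elif kind == "apool":
                cfg["address_pool"] = g[0]
            break
    return cfg


def check_remote_access(cfg, inside_if="inside"):
    """Return (findings, lan_route) for the remote-access client pool in cfg."""
    findings = []
    first, last, pool_net = cfg["pools"][cfg["address_pool"]]
    nat_acl = cfg["nat0"].get(inside_if)
    exempt_sources = []
    if nat_acl is None:
        findings.append(f"no 'nat ({inside_if}) 0 access-list': LAN replies to the pool get NATed")
    else:
        entries = cfg["acls"].get(nat_acl, [])
        # every pool address must be a destination of the exemption ACL
        if not any(dst is not None and first in dst and last in dst for _, dst in entries):
            findings.append(f"nat 0 ACL {nat_acl} does not cover the whole pool {first}-{last}")
        exempt_sources = [src for src, _ in entries]
    for n, _ in cfg["acls"].get(cfg["split_list"], []):
        # each split-tunnel network must be a NAT-exempt source toward the pool
        if not any(n.subnet_of(s) for s in exempt_sources):
            findings.append(f"split-tunnel network {n} is not NAT-exempt toward the pool")
        if n.overlaps(pool_net):
            findings.append(f"pool {pool_net} overlaps split-tunnel network {n}")
    # Route the internal L3 switch needs so replies reach the clients; the firewall
    # inside address is not in the post, so it stays a placeholder.
    lan_route = f"ip route {pool_net.network_address} {pool_net.netmask} <firewall-{inside_if}-ip>"
    return findings, lan_route


if __name__ == "__main__":
    found, route = check_remote_access(parse_config(SAMPLE_CONFIG))
    print("findings:", found or "none")
    print("LAN route needed:", route)
```

Run against the posted lines the script reports no findings and prints the route for 10.1.1.0/24, which is exactly the question the reply raises: with the firewall side consistent, the remaining suspect is whether the L3 switch actually has that route (or a default route that reaches the firewall's inside interface).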

New Member

Yes. Internal L3 switch has reachability to the outside world through a default route.

Anyhow, things started working. I just cleared all the VPN-related configs and reconfigured it again.

Thanks,

Ravi

Cisco Employee

Great to hear it started to work again, and thanks for the update.
