New Member

VPN on ASA5550

I have set up a Remote Access VPN using IPSEC on an ASA 5550. All group and user configurations are completed. A VPN session is established using Cisco Client software, but I am not able to access the internal network. Any suggestions?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: VPN on ASA5550

check the following:

- ACL's on the interface

- NAT rules

- routes on the internal destination, make sure it knows how to get back to the ASA, either by default GW or specific route to the VPN pool subnet (assigned IP address)

- make sure you don't use a VPN-filter

- try to assign a specific IP address to a user and test

- capture tool on the ASA is very useful to see if you are getting a response from the destination

- look for anything suspicious in the log

TIP:

Address space overlaps can be cumbersome to troubleshoot, especially if you use a lot of object groups.

Also, to avoid ARP issues, try to use a subnet other than the inside assigned netblock. I've also seen duplicate IP addresses and all sorts of strange things.

3 REPLIES
Silver

Re: VPN on ASA5550

I would suggest looking through the NAT rules (NAT exempt between pool and internal network, to be specific), VPN filters if any, and also whether all the routes are right between the client pool and the internal network. Also, if you have configured split tunneling, check whether all your internal networks are included.
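
The addressing checks named in the replies (pool overlapping the inside netblock, NAT exemption between the pool and the internal networks, split-tunnel coverage) can be run offline against an addressing plan. This is an added example, not code from the thread or from Cisco; the function name, its parameters and the sample networks are assumptions constructed for illustration.

```python
import ipaddress


def check_ra_vpn_addressing(pool, inside_nets, split_tunnel, nat_exempt):
    """Return a list of findings for a remote-access VPN addressing plan.

    pool         -- VPN client address pool (CIDR string)
    inside_nets  -- internal networks the clients must reach
    split_tunnel -- networks in the split-tunnel list ([] means tunnel all)
    nat_exempt   -- (source, destination) pairs exempted from NAT
    """
    pool_net = ipaddress.ip_network(pool)
    inside = [ipaddress.ip_network(n) for n in inside_nets]
    split = [ipaddress.ip_network(n) for n in split_tunnel]
    exempt = [(ipaddress.ip_network(s), ipaddress.ip_network(d))
              for s, d in nat_exempt]
    findings = []
    for net in inside:
        # Pool carved out of an inside netblock: the ARP and duplicate-IP
        # trouble the accepted answer warns about.
        if pool_net.overlaps(net):
            findings.append(f"pool {pool_net} overlaps inside network {net}")
        # NAT exemption is expected between each internal network and the pool.
        if not any(net.subnet_of(s) and pool_net.subnet_of(d)
                   for s, d in exempt):
            findings.append(f"no NAT exemption from {net} to pool {pool_net}")
        # With split tunneling, every internal network must be in the list.
        if split and not any(net.subnet_of(s) for s in split):
            findings.append(f"{net} missing from split-tunnel list")
    return findings


# Constructed sample plan (not taken from the thread).
SAMPLE = dict(
    pool="10.1.1.192/26",
    inside_nets=["10.1.1.0/24", "10.1.2.0/24"],
    split_tunnel=["10.1.1.0/24"],
    nat_exempt=[("10.1.1.0/24", "10.1.1.192/26")],
)

if __name__ == "__main__":
    for finding in check_ra_vpn_addressing(**SAMPLE):
        print(finding)
```
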

New Member

Re: VPN on ASA5550

Thanks all. It is working fine now.
