vpn3015 convertion to asa

skiergaard · ‎09-23-2006

Folks:

i am replacing our venerable vpn 3015 with an asa5510. i seem to have basic vpn connectivity (vpn client v4.7) but im used to connecting to the private net side to administer the devices. as of now, if i attempt a telnet or asdm connection to the private interface, i get no reponse. is this by design? is there a way around this? (vpn tunnel was configured using asdm wizard) the one thing i THINK im missing is the vpn30xx series had a tunnel default gateway. there doesnt seem to be a replacement in asdm. i had thought to use "route inside 0 0 192.168.x.1 tunneled" to replace this but maybe there is more im missing?

skiergaard · ‎09-23-2006

its worse than i thought.

no traffic is flowing at all.

skiergaard · ‎09-23-2006

ok, fixed my flow problem (note to self; DON'T delete the nat exempt statement just 'cause you dont understand it) now im back to my original problem, i cant telnet to the inside interface from the tunnel.

another thought based on how i messed myself up to start with: when my 3002's get connected, are there address spaces going to need to be exempted from nat also? ( i currently have a nat 0 0 interface)

todh · ‎10-12-2007

Have you tried the management-access command? It will allow you to connect to the inside interface once you are connected with th VPN client. You have to specify an interface such as inside. You will also need to setup the telnet command to allow the ip range to get to the ASA.