Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
2
Replies

ASA 5505 Config

mspence
Community Member

‎05-04-2017 12:39 PM - edited ‎03-12-2019 02:19 AM

Can someone help with this? I am currently studying for my CCNA so I am new at this so forgive me. The config int eh attachment is a preconfigured ASA for our remote homes so I just import all of it and it should "just work" or so I have been told. After a few days of line-by-line debugging I have narrowed the connection issue to this "nat (inside) 0 access-list inside_nat0_outbound" which is missing from the config below and I can access everything on our network and the IP phone works. I know that this also point to "access-list inside_nat0_outbound extended permit ip 172.30.3.128 255.255.255.224 any" and that looks right. I get an error in Windows “Windows can’t communicate with the device or resource (Primary DNS server)". I know the address for that is correct because when I omit that line of code it retrieves the DNS addresses I have input and it even picks it up when I cannot connect—I cannot connect to the internet or our network btw.

Any help and or direction is much appreciated!

Labels:
can_someone_help_with_this.docx
0 Helpful
2 Replies 2

Akhil.Balachandran
Level 1
Level 1

‎05-04-2017 01:21 PM

HI,


Are the remote machines making using of L2TP VPN to connect to the main ASA ?

If that is the case, 

As the l2tp VPN users are behind a NAT device, enable the below command and check if it helps.

crypto isakmp nat-traversal

Regards

Akhil

0 Helpful

mspence
Community Member
In response to Akhil.Balachandran

‎05-05-2017 05:43 AM

I tried your suggestion but it did not work. The way the ASA's are setup there is one PC and phone that are at each place and are hooked directly to the ASA. On the Windows PC's nothing is installed outside of a default Windows installation and and VPN client--GlobalProtect--that is used so they can see their drive on the server but GlobalProtect isn't used to access the internet per say. Other than that, I don't know how the ASA communicates to our network, which is rather big at 3000 PC's connected to it. Normally we have a vendor that configures these but when they did it wouldn't connect just like the one I am working on. We don't have a network person as of right now, so yeah that's kinda where I'm at right now.

btw, thank you very much for the help!!!

edit: The homes all use a cable modem to access the internet if that helps

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card