
ASA 7.2.2 - Problems VPNs Remote Access

nuria.andres
Level 1

Hi,

I'm trying to configure remote-access VPNs on an ASA 7.2.2. However, they don't work, so can anybody tell me about the following topics:

- What commands can I use for troubleshooting? I use "debug crypto ipsec", "debug crypto sa",... but I don't see anything on the ASA.

- The subnet used by the remote clients has to be an internal network. So, do I have to route this subnet towards inside? I have several internal networks, and the ASA inside interface is in a different internal subnet.

- Is there any good sample document about these topics?

Thank you very much

Best Regards

7 Replies

bthibode
Level 1

This link describes how to turn your ASA into a VPN server using ASDM:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Also, you stated that nothing showed up on the debugs; that leads me to believe that the UDP 500/4500 (IKE) traffic is not making it to the ASA (ISP issue) or that you don't have isakmp and/or a crypto map applied to the outside interface.

Please let me know if this helps.

Bryan

You might also check your NATing. Make sure the remote subnets are either NATed to something you route or you have a NO NAT statement that allows them to remain intact on your network.
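
An offline check of a saved configuration for the three items raised in the two replies above: ISAKMP enabled on the outside interface, a crypto map bound to it, and a NAT exemption covering the client pool. This is an added example, not part of any reply in the thread; the sample configuration with its names and addresses is constructed, and the check assumes ACL entries written with literal addresses rather than object groups.

```python
import ipaddress
import re

# Constructed sample in ASA 7.x syntax; names and addresses are placeholders.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.50.1-192.168.50.50 mask 255.255.255.0
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
"""

def _take_net(tokens):
    """Consume one ACL address spec (any | host A | NET MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def audit(config, iface="outside"):
    """Report which of the three checks suggested in the replies pass for this config."""
    lines = [line.strip() for line in config.splitlines()]
    # ACL names referenced by a NAT exemption: nat (<if>) 0 access-list <name>
    exempt_acls = {m.group(1) for l in lines
                   if (m := re.fullmatch(r"nat \(\S+\) 0 access-list (\S+)", l))}
    # Destination networks permitted by those ACLs
    exempt_dsts = []
    for l in lines:
        m = re.fullmatch(r"access-list (\S+) extended permit ip (.+)", l)
        if m and m.group(1) in exempt_acls:
            _, rest = _take_net(m.group(2).split())
            exempt_dsts.append(_take_net(rest)[0])
    # First and last address of each client pool
    pools = [(ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2)))
             for l in lines
             if (m := re.match(r"ip local pool \S+ ([\d.]+)-([\d.]+)", l))]
    return {
        # Accepts both "crypto isakmp enable" and the older "isakmp enable" form
        "isakmp_enabled": any(re.fullmatch(rf"(crypto )?isakmp enable {iface}", l) for l in lines),
        "crypto_map_bound": any(re.fullmatch(rf"crypto map \S+ interface {iface}", l) for l in lines),
        "pool_nat_exempt": bool(pools) and all(
            any(lo in d and hi in d for d in exempt_dsts) for lo, hi in pools),
    }

if __name__ == "__main__":
    for check, ok in audit(SAMPLE_CONFIG).items():
        print(f"{check}: {'ok' if ok else 'MISSING'}")
```
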

Ok, thank you very much.

I have done it as it appears in the document, and the VPN works well. However, I have an important problem.

When the VPN client is connected, the ASA (it seems) blocks all TCP connections from inside to outside.

Have you ever had a similar problem?

Thank you very much.

Best Regards.

Nuria

martybarron
Level 1

There are some good documents online. I have one set up with an ASA running 7.2.1. The pool resides on the ASA and is routed to it so the replies return to it. Are you using the normal Cisco VPN client?

Marty Barron

Looks like this

inet ->asa -->in<-- route to vpn addresses

cstewart
Level 1

Did you turn on "logging monitored"? Also take a look at Document ID: 70330, should solve your problem.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

froggy3132000
Level 3

post your config

mehta.rahul
Level 1

use command sysopt ipsec permit

that way vpn traffic will not be inspected
