Solved: Re: ASA firewall issue

manivelengg · ‎11-11-2010

Hi

I have configured remote access VPN with local pool in ASA firewall however im accessing all the resources(my private network such as servers ) through asa firewall after getting connected the VPN but i cant the mailing server through webmail(ports like 80).Please check the configs.

Maykol Rojas · ‎11-11-2010

Hello,

Would you please take a look at the split tunneling list? Where is the OWA server located?

Cheers.

Mike

View solution in original post

Maykol Rojas · ‎11-11-2010

Hello,

Would you please take a look at the split tunneling list? Where is the OWA server located?

Cheers.

Mike

Federico Coto Fajardo · ‎11-11-2010

Hi,

It seems the OWA has 192.168.100.1 correct?

That IP is internal to the ASA via a static route.

In order for you to be able to reach that server via port 80, the server must be included in the nat0 ACL.

Question.

Can you PING 192.168.100.1 from the VPN client?

I just want to make sure that packets from the VPN client reaches the server and that the problem is specifically with the port 80.

Federico.

manivelengg · ‎11-12-2010

Hi....thanks.

Yes.I can ping 192.168.100.1 from the vpn client.

But i can't access web mail from the vpn client.

manivelengg · ‎11-14-2010

Hi

The OWA sserver is located at my Corporate office and the server ip is 192.168.100.1.After getting connected the vpn client,im pinging the server ip i.e 192.168.100.1 but i cant access my webmail.

R u considering the problem is at 80 port?

manivelengg · ‎11-13-2010

My OWA server locataed at my corperate office.

apothula · ‎11-15-2010

Do you have a route on the 10.10.20.2 router, pointing the VPN pool back to the ASA ??

a route like,

ip route 172.16.1.0 255.255.255.0 10.10.20 1 ??

Cheers,

Nash.

manivelengg · ‎11-15-2010

Hi.....Thanks,

But VPN ip pool was 182.16.1.1-182.16.1.10.Whenever he connected the vpn client,it will assigned this network 182.16.1.0

Can i put this command,

ip route 182.16.1.0 255.255.255.0 10.10.20.1?..

Please advice me.

Thanks.

apothula · ‎11-15-2010

Hi,

Was that a typo 182 in place of 172 ??

I saw the pool as 172.16.1.0/24 in the configuration.

Yeah, you could add that route

ip route 172.16.1.0 255.255.255.0 10.10.20.1

If it is 182

then

ip route 182.16.1.0 255.255.255.0 10.10.20.1

Let me know how it goes.

Cheers,

Nash.

manivelengg · ‎11-15-2010

Hi.....

When i put this command,it is saying,

IFASA#

IFASA#config terminal

IFASA(config)#

IFASA(config)# ip route 172.16.1.0 255.255.255.0 10.10.20.1

ERROR: % invalid input deteced at '^' maker

IFASA(config)#

Please advice me.

Thanks.

apothula · ‎11-15-2010

Are you adding that route on 10.10.20.2 router ??

Cheers,

Nash

manivelengg · ‎11-15-2010

Hi......

Ya.....i put this command the router.

the command was ,

ip route 172.16.1.0 255.255.255.0 10.10.20.1

Thanks.

apothula · ‎11-15-2010

What kind of a device is the 10.10.20.2 ??

is that an ASA or a Router ??

Cheers,

Nash.

manivelengg · ‎11-15-2010

Hi.......

10.10.20.2 this kind of divice is that an ASA.

Thanks.

apothula · ‎11-15-2010

On what interface is the 10.10.20.2 Ip address configured ??

Depending on the interface name,please add the following,

route "interface name" 172.16.10.0 255.255.255.0 10.10.20.1

For ex, if the 10.10.20.2 ip address is configured on the outside interface,

add

route outside 172.16.10.0 255.255.255.0 10.10.20.1

Cheers,

Nash.