cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3502
Views
0
Helpful
30
Replies

ASA firewall issue

manivelengg
Level 1
Level 1

Hi

I have configured remote access VPN with local pool in ASA firewall however im accessing all the resources(my private network such as servers ) through asa firewall after getting connected the VPN but i cant the mailing server through webmail(ports like 80).Please check the configs.

1 Accepted Solution

Accepted Solutions

Maykol Rojas
Cisco Employee
Cisco Employee

Hello,

Would you please take a look at the split tunneling list? Where is the OWA server located?

Cheers.

Mike

Mike

View solution in original post

30 Replies 30

Maykol Rojas
Cisco Employee
Cisco Employee

Hello,

Would you please take a look at the split tunneling list? Where is the OWA server located?

Cheers.

Mike

Mike

Hi,

It seems the OWA has 192.168.100.1 correct?

That IP is internal to the ASA via a static route.

In order for you to be able to reach that server via port 80, the server must be included in the nat0 ACL.

Question.

Can you PING 192.168.100.1 from the VPN client?

I just want to make sure that packets from the VPN client reaches the server and that the problem is specifically with the port 80.

Federico.

Hi....thanks.

    Yes.I can ping 192.168.100.1 from the vpn client.

     But i can't access web mail from the vpn client.

Hi

The OWA sserver is located at my Corporate office and the server ip is 192.168.100.1.After getting connected the vpn client,im pinging the server ip i.e 192.168.100.1 but i cant access my webmail.

R u considering the problem is at 80 port?

My OWA server locataed at my corperate office.

Do you have a route on the 10.10.20.2 router, pointing the VPN pool back to the ASA ??

a route like,

ip route 172.16.1.0 255.255.255.0 10.10.20 1 ??

Cheers,

Nash.

Hi.....Thanks,

     But VPN ip pool was 182.16.1.1-182.16.1.10.Whenever he connected the vpn client,it will assigned this network 182.16.1.0

     Can i put this command,

       ip route 182.16.1.0 255.255.255.0 10.10.20.1?..

     Please advice me.

   Thanks.

Hi,

Was that a typo 182 in place of 172 ??

I saw the pool as 172.16.1.0/24 in the configuration.

Yeah, you could add that route

    ip route 172.16.1.0 255.255.255.0 10.10.20.1

If it is 182

then

    ip route 182.16.1.0 255.255.255.0 10.10.20.1

Let me know how it goes.


Cheers,

Nash.

Hi.....

  When i put this command,it is saying,

    IFASA#

    IFASA#config terminal

    IFASA(config)#

    IFASA(config)# ip route 172.16.1.0 255.255.255.0 10.10.20.1

ERROR: % invalid input deteced at '^' maker

IFASA(config)#

Please advice me.

Thanks.

Are you adding that route on 10.10.20.2 router ??


Cheers,

Nash

Hi......

    Ya.....i put this command the router.

   the command was ,

    ip route 172.16.1.0 255.255.255.0 10.10.20.1

Thanks.

What kind of a device is the 10.10.20.2 ??

is that an ASA or a Router ??

Cheers,


Nash.

Hi.......

   10.10.20.2 this kind of divice is that an ASA.

Thanks.

On what interface is the 10.10.20.2 Ip address configured ??

Depending on the interface name,please add the following,

route "interface name" 172.16.10.0 255.255.255.0 10.10.20.1

For ex, if the 10.10.20.2 ip address is configured on the outside interface,

add

route outside 172.16.10.0 255.255.255.0 10.10.20.1

Cheers,

Nash.

Review Cisco Networking for a $25 gift card