Cisco Remote VPN client Issue

nikuhappy2010 · ‎07-15-2010

Hello Experts,

I have just setup a remote VPN on Cisco ASA Firewall of SITE A which is working fine from outside network but when i try to connect with VPN from SITE B whereon the Cisco ASA firewall is also deployed then it doesn't work.

I allow only internal n/w of SITE A if i connect with remote VPN of SITE A from o/s n/w. For the troubleshooting perspective, I permited the IP protocol for the remote HOST IP then I could be able to connect with from SITE B Internal network but when i try to connect the servers located at Internal environment of SITE A then I am not able to reach them.

Can you pls. suggest the steps in sequence to troubleshoot this issue?

Regards,

Vinay Gupta

Kevin Redmon · ‎07-15-2010

Vinay,

1.) Confirm that the Remote VPN is up.

2.) Within the VPN Client, confirm which IP address you are assigned from the VPN IP Pool.

3.) Perform a packet capture on the inside interface of SITE A. When you try to connect to a server at Site A, you should see a SYN (Client->Server), SYN-ACK (Server->Client), ACK (Client->Server) to setup the TCP connection. Reference the link below on how to perform and view packet captures:

https://supportforums.cisco.com/docs/DOC-1222

4.) If you see only the SYN packet egress the inside interface of the ASA towards the server, you will need to investigate the routing between the server and the IP address as assigned to the VPN Client.

One command that may come into play here is 'reverse-route'. This keyword, appended to the end of the 'crypto dynamic-map' entry will inject the route of the client into any upstream dynamic routing processes, allowing the return traffic to be received by the client.

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2235127

Let me know if this helps!

Best Regards,

Kevin