
Cisco VPN client not working from behind ASA.

bapatsubodh
Level 1

Hi,

We have two sites, R1 and R2, connected to the Internet.

A host at site R1 (user1) is connected to the ASA2 outside interface via the Cisco VPN client.

The user gets connected to the ASA2 VPN but is not able to access the remote site network. It gets an IP from the pool defined in ASA2 (but it does not receive a default gateway).

As host user1 is getting connected to ASA2 by VPN connectivity, the internal IP address of user1 undergoes NAT (and global) in ASA1.

So now the user machine has two IP addresses: the first is the normal LAN Ethernet IP address and the second is the one it gets from the ASA2 VPN pool.

Most likely it is due to the NAT traversal that the user1 IP undergoes while connecting to ASA2. When it was connected by direct Internet connectivity (DSL broadband cable) everything works well, as user1 gets a real public address from the ISP.

Any experience please share.

Thanks in advance.

Subodh

5 Replies

andrew.prince
Level 10

Questions:-

1) Are you using the same IP subnet both sites?

2) Have you configured "split-tunneling" on the client VPN?

3) Do you have a VPN between ASA1 and ASA2?

HTH

Hi,

We are not using the same IP subnet on both sides.

We have configured split-tunnel on our ASA (ASA1, do we need some). Do we need to add these remote networks in this?

Do we need to do some settings at the remote ASA (that is, ASA2) also?

We don't have site-to-site (LAN-to-LAN) connectivity between ASA1 and ASA2.

Thanks

Subodh

Do the routing/switching devices on the ASA2 site know how to route to the VPN IP Pool address subnet?

Hi,

Yes, it does know, as when connected with a DSL broadband modem it gets the IP from the same pool and works fine.

I think it is something to do with IPSEC with NAT traversal enabled.

Please share your experience.

Thanks

Subodh

Some time ago I had the same issue. Enable IPSEC NAT-T capability on the VPN server headend and everything was working fine for Cisco VPN clients behind a router / ASA.
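
The NAT traversal behaviour discussed in this thread can be checked in a packet capture taken on the NAT device's outside interface. The sketch below is an added example, not code from any poster or from Cisco. It classifies raw IPv4 packets as native ESP (IP protocol 50, which has no ports for PAT to translate), plain IKE on UDP 500, or NAT-T traffic on UDP 4500 as defined in RFC 3948. The function names, addresses, SPI and payload bytes are constructed for illustration.

```python
import struct

ESP_PROTO, UDP_PROTO = 50, 17
IKE_PORT, NATT_PORT = 500, 4500

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet as seen on the NAT device's outside interface."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto == ESP_PROTO:
        # Native ESP carries an SPI but no ports, so PAT has nothing to multiplex on.
        return "esp-native"
    if proto != UDP_PROTO or len(pkt) < ihl + 8:
        return "other"
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    payload = pkt[ihl + 8: ihl + ulen]
    if NATT_PORT in (sport, dport):          # source port may have been rewritten by PAT
        if payload == b"\xff":
            return "natt-keepalive"          # one-byte NAT keepalive
        if payload[:4] == b"\x00\x00\x00\x00":
            return "natt-ike"                # non-ESP marker precedes the IKE header
        return "natt-esp" if len(payload) >= 8 else "other"
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at 0) for the samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return hdr + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed samples: documentation addresses, dummy SPI and payload bytes.
ESP_BODY = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16
SAMPLES = {
    "esp": ipv4(ESP_PROTO, ESP_BODY),
    "ike": ipv4(UDP_PROTO, udp(500, 500, b"\x11" * 28)),
    "natt_ike": ipv4(UDP_PROTO, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "natt_esp": ipv4(UDP_PROTO, udp(31022, 4500, ESP_BODY)),
    "keepalive": ipv4(UDP_PROTO, udp(4500, 4500, b"\xff")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {classify(pkt)}")
```

If a capture of a client behind the NAT device shows only `ike` and `esp-native`, NAT-T was not negotiated; a working NAT-T session shows `natt-ike`, `natt-esp` and periodic `natt-keepalive` packets instead.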
