Easy VPN Issue?

Charlie Mayes · ‎04-27-2011

Hello Guys,

I have 2 ASA5505 firewalls. I have one that has a static ip address that has been configured for Remote Access IPSEC VPN. The other one at the remote site I have configured the server Ip address for the first firewall. I have also up the Easy Vpn section of the firewall and it seems to connect because I see a red VPN light on the remote Firewall and a Green light on the server 5505 Firewall. I however can not connect/ping across the tunnel to my servers at the first site but if I connect using the VPN Client it works perfectly. I have tried to ping in Client mode and NEM Mode with no luck. What could be the problem?

mvsheik123 · ‎04-27-2011

Hi,

If the configs on Server end and client end are correct, one reason is the client ASA not getting the your spilttunnel network (internal networks). On cleint ASA do 'show vpnclient detail' gives you more information on the policy. If you still have issues, post both end units configs.

hth

MS

Charlie Mayes · ‎04-27-2011

How I manually bring the tunnel up? Ids there a connect button somewhere on this remote ASA?

mvsheik123 · ‎04-27-2011

'vnclient nem-st-autocnnect' command on client should automaticvally initiate the connection. There is no button. Basic config on client looks this way..

vpnclient server x.x.x.x y.y.y.y --> Primary & backup server ips.

vpnclient mode network-extension-mode

vpnclient nem-st-autoconnect
vpnclient vpngroup password
vpnclient username password

vpnclient enable

Post the configs for both unts.

hth

MS