NAT Route for Remote VPN on ASA 5510 8.4(2) - Page 3

shaikhugee · ‎11-16-2011

I have configured a remote access VPN on my Firewall ASA5510. Everything worked fine and I can successfully connect through the VPN. The problem is I cannot ping or connect to any of my internal network resources. I tried to add a new NAT route from outside to my internal servers using the defined pool but due to a new ASA version there are many changed I see in the NAT routes and I cannot understand how to resolve this problem.

Could someone help me in this please? Its urgent.

shaikhugee · ‎11-17-2011

another thing to let you know is I am connecting through DynDNS host name as I donot have static IP addresses from my ISP. But it doesnt matter as i can successfully connect through.

Maykol Rojas · ‎11-17-2011

You can leave the Real time log viewer running go test and then come back to check the logs No idea as of why at this point is not letting you connect correctly. Are you trying with ping or are you doing TCP connections?

Mike

shaikhugee · ‎11-17-2011

Both.

Maykol Rojas · ‎11-17-2011

Mmmmm, weird... The logs surely will let us know what step is to follow next.

Mike

shaikhugee · ‎11-17-2011

Dear Mike,

Following logs I could find on the real time log viewer:

6

Nov 17 2011

14:29:54

192.168.25.1

50777

192.168.10.33

53

Built inbound UDP connection 57927 for Outside:192.168.25.1/50777 (192.168.25.1/50777)(LOCAL\musman) to inside:192.168.10.33/53 (192.168.10.33/53) (musman)

6

Nov 17 2011

14:29:55

192.168.25.1

50777

192.168.10.33

53

Teardown UDP connection 57927 for Outside:192.168.25.1/50777(LOCAL\musman) to inside:192.168.10.33/53 duration 0:00:00 bytes 84 (musman)

6

Nov 17 2011

14:29:55

192.168.25.1

50896

192.168.10.33

53

Teardown UDP connection 57929 for Outside:192.168.25.1/50896(LOCAL\musman) to inside:192.168.10.33/53 duration 0:00:00 bytes 96 (musman)

Nothing more then this.

shaikhugee · ‎11-17-2011

Found more logs:

6

Nov 17 2011

15:08:50

192.168.25.1

0

192.168.5.2

0

Teardown ICMP connection for faddr 192.168.25.1/0(LOCAL\vpn-user) gaddr 192.168.5.2/0 laddr 192.168.5.2/0

6

Nov 17 2011

15:08:49

192.168.25.1

137

10.13.10.83

137

Teardown UDP connection 59871 for Outside:192.168.25.1/137(LOCAL\vpn-user) to inside:10.13.10.83/137 duration 0:00:00 bytes 50 (vpn-user)

6

Nov 17 2011

15:08:49

192.168.25.1

137

10.13.10.83

137

Built inbound UDP connection 59871 for Outside:192.168.25.1/137 (192.168.25.1/137)(LOCAL\vpn-user) to inside:10.13.10.83/137 (10.13.10.83/137) (vpn-user)

6

Nov 17 2011

15:08:47

192.168.25.1

137

10.13.10.83

137

Teardown UDP connection 59870 for Outside:192.168.25.1/137(LOCAL\vpn-user) to inside:10.13.10.83/137 duration 0:00:00 bytes 50 (vpn-user)

6

Nov 17 2011

15:08:47

192.168.25.1

137

10.13.10.83

137

Built inbound UDP connection 59870 for Outside:192.168.25.1/137 (192.168.25.1/137)(LOCAL\vpn-user) to inside:10.13.10.83/137 (10.13.10.83/137) (vpn-user)

6

Nov 17 2011

15:08:46

192.168.5.2

0

192.168.25.1

0

Built outbound ICMP connection for faddr 192.168.25.1/0(LOCAL\vpn-user) gaddr 192.168.5.2/0 laddr 192.168.5.2/0

6

Nov 17 2011

15:08:46

192.168.25.1

137

10.13.10.83

137

Teardown UDP connection 59868 for Outside:192.168.25.1/137(LOCAL\vpn-user) to inside:10.13.10.83/137 duration 0:00:00 bytes 50 (vpn-user)

6

Nov 17 2011

15:08:46

192.168.25.1

137

10.13.10.83

137

Routing failed to locate next hop for UDP from Outside:192.168.25.1/137 to inside:10.13.10.83/137

6

Nov 17 2011

15:08:46

192.168.25.1

137

10.13.10.83

137

Built inbound UDP connection 59868 for Outside:192.168.25.1/137 (192.168.25.1/137)(LOCAL\vpn-user) to inside:10.13.10.83/137 (10.13.10.83/137) (vpn-user)

shaikhugee · ‎11-17-2011

Got it working. Enabled the IPsec over NAT-T under the IKE Parameters and now i can ping the internal network. Mike thanks for the support you being so Generous.

Maykol Rojas · ‎11-17-2011

No problem Muhammad, I am glad that you got it working and everything is fine

Thank you for posting.

Cheers,

Mike