cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
797
Views
0
Helpful
7
Replies

Please Help on ASA 5505 VPN config

simonemandelli
Level 1
Level 1
Hi, I'm encountering some throuble when I've tryed to reconfigure VPN on cisco ASA 5505. Recently we have changed our ISP. So i've changed the IP of outside interface using ASDM. Then the VPN stop work. So i've tried to fix using ASDM and CLI with no clue. I've tryed a new configure using ASDM but no success. I've tryed using CLI but no succes. I followed istructions on this address: http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_remote_access.html My objective is configure a VPN for remote user access to my network. I don't need special type of privileges or configure. Ex i do not need split tunnel If it is possible i would like to use Windows native VPN client and OSX native VPN client. I'm not a Cisco expert of course. Could someone help me please?
2 Accepted Solutions

Accepted Solutions

route outside 0.0.0.0 0.0.0.0 2.32.107.88 1
I guess, the outgoing address should be 2.32.107.89 as .88 is supposed to be the Network Address

View solution in original post

Can you post the logs here..What did you see in monitoring when you are trying to connect via VPN??

View solution in original post

7 Replies 7

route outside 0.0.0.0 0.0.0.0 2.32.107.88 1
I guess, the outgoing address should be 2.32.107.89 as .88 is supposed to be the Network Address

Hi, I've followed the data gave me by our ISP and foolishly I did not check it...

But you're right the 2.32.107.88 is the network, and there is only two ip that can i use so the gateway is of course the 2.32.107.89 .

The strange thing is that now the modem routes the internal network correctly and the NAT works...

I'm actually out of office for a couple of days, as soon I'll back I'll change to .89 and test it.

I prefer to do this from office because if something goes wrong I completely lost the office internet connection.

Thanks for your advice, I'll inform you about the result.

Best regards

Simone

I've changed the route to 2.32.107.89, but the VPN still doesn't work.

Thanks for your advice.

Simone

Can you post the logs here..What did you see in monitoring when you are trying to connect via VPN??

simonemandelli
Level 1
Level 1

Hi, after the advice of rikshit4aggarwal I've changed the gateway.

The VPN still doesn't work.

Anyone could help me please?

Thanks

Simone

simonemandelli
Level 1
Level 1

Hi, finally i've decided to clean all the zombie config directives and start a new wizard.

It does not work out of the box, it countinuously fails the initial handshake.

I've changed the default group DefaultRAGroup to one named ROAD_WARRIOR and changed the group vpn-tunnel-protocol to ikev1 ( instead of l2tp-ipsec ).

I've also need to create a split tunnel acl and add attributes to  group-policy ROAD_WARRIOR

 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ROAD_WARRIOR_splitTunnelAcl

Without these two options and acl, I haven't access to internet while the VPN is active.

Thanks for the support of rikshit4aggarwal that help me to solve the problem.

The working conf is attached

Best regards

Simone

Congratulations Simone..:)

Best Regards,

Rikshit

Review Cisco Networking for a $25 gift card