Remote VPN using ASA 5510 --newzion123

newzion123 · ‎04-23-2009

Hi,

I have configured Remote VPN access terminating at ASA5510 successfully.Remoye client is getting the IP assigned by the ASA,but that I am not able to ping the ASA inside Interface IP address and not able to ping any PCs which are in inside network from the remote client through the tunnel.

But where as I can ping the remote client's ip address from the ASA.

I am using des,md5 and group2.

Can any one help me to resolve this issue.

vmoopeung · ‎04-29-2009

Check whether "NAT traversal" command is enabled on the router. If NAT-T is not enabled, VPN Client users often appear to connect to the PIX or ASA without a problem, but they are unable to access the internal network behind the security appliance.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

srue · ‎04-29-2009

you won't be able to access the inside asa interface w/o the 'management access inside' command.

For the other pings that aren't working, try enabling icmp inspection for starters...

are you using the command 'sysopt connection permit-vpn'?

robbie.teo · ‎05-05-2009

hi guys,

i faced this problem too.

I set up using the ipsec vpn wizard

will that work?

nomair_83 · ‎05-06-2009

Make sure that NAT exemption is configured i.e you don't need to do NAT for internal PC's when it is going towards VPN users Pool.

robbie.teo · ‎05-06-2009

yes. That one is exempted. Anything else i can check?

nomair_83 · ‎05-06-2009

nat-traversal, sysopt connection permit vpn ???

then make sure that your internal core switch has route towards vpn users pool

robbie.teo · ‎05-07-2009

Can asa 5510 support site-site vpn and remote vpn concurrently?

Coz i gt 1 5510 set up remote vpn without any issue.

But the one with abt 19 site-site vpn encountered problem on remote vpn client