Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
296
Views
0
Helpful
3
Replies

ASA 5505 - VPN Connection not working

TimothyOBrien
Level 1
Level 1

‎07-10-2015 08:58 AM - edited ‎03-05-2019 01:51 AM

We had an issue at a Remote Site where tenants needed to connect to their corporate site using a VPN connection 

We have Meraki APs providing DHCP in the 10.0.0.0 subnet which overlapped with their network so I reconfigured the ASA with a "guest" VLAN providing an address to 192.168.2.X and will put the APs in bridge mode.

 

I am testing this connection in my work space and my laptop does now get a 192.168.2.X address and gets Internet access. But when testing a VPN connection using VPN Client to our Router I can't establish a connection. I noticed when I try to ping our VPN router I don't get a response. 

 

So my question is, what is blocking this? I can ping IPs and access Web Pages but not this IP. I spoke with my Boss and he stated nothing related to our corporate firewall must relate to a configuration on the ASA. Any suggestions of how I can troubleshoot? Opened ASDM --> Logging and Filtered by my Source IP but didn't see any information of blocks. Like I said I don't know where too begin, any guidance would be appreciated. 

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎07-11-2015 10:54 AM

Would I be correct in assuming that when the addresses were in the 10 network that access to the router worked? In that case I have a couple of possibilities to consider

- Is it possible that your router does not have a route for the 192.168.2 network?

- Is it possible that you are doing address translation on the traffic and that is confusing the router?

 

HTH

 

Rick

HTH

Rick
0 Helpful

TimothyOBrien
Level 1
Level 1
In response to Richard Burts

‎07-11-2015 12:59 PM

Apologies if my explanation is not ideal.

I configured a new Router (5505) as the Router at this site is a 800 Series so want to transition it out.

At the current location we can ping the Public IP of the VPN router.

I copied an existing 5505 and modified it to now to have VLAN10 as well. VLAN 10 is the guest interface and will provide the 192.168.X.X IP Address. 

For testing I have my laptop directly plugged into Interface 2 of the ASA and the interface is configured as switchport access vlan 10. My laptop does get a DHCP 192.X.X address and can browse the Internet

I am still a novice with Cisco and can't understand why a public IP to say google is any different than public IP to the outside IP of the VPN router. I would have thought if I could ping one public IP I could ping any public IP.

 

 

I will send over my running-config a bit later.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to TimothyOBrien

‎07-11-2015 02:07 PM

Am I understanding correctly that you have configured an ASA5505 to replace a 800 series router at the site? And am I correct in assuming that the ASA has vlan 1 with a subnet in 10 network and vlan 20 with 192.168.2 and an outside interface with a Public IP? Did the 800 router have a VPN connection to your corporate site? Does the ASA have a similar VPN connection? If your laptop were connected in vlan 1 and had an IP address in network 10 does the access to the VPN router work?

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card