
ASA 5505 - VPN Connection not working

TimothyOBrien
Level 1

We had an issue at a Remote Site where tenants needed to connect to their corporate site using a VPN connection.

We have Meraki APs providing DHCP in the 10.0.0.0 subnet which overlapped with their network so I reconfigured the ASA with a "guest" VLAN providing an address to 192.168.2.X and will put the APs in bridge mode.

 

I am testing this connection in my work space and my laptop does now get a 192.168.2.X address and gets Internet access. But when testing a VPN connection using VPN Client to our Router I can't establish a connection. I noticed when I try to ping our VPN router I don't get a response. 

 

So my question is, what is blocking this? I can ping IPs and access Web Pages but not this IP. I spoke with my Boss and he stated it is nothing related to our corporate firewall and must relate to a configuration on the ASA. Any suggestions of how I can troubleshoot? Opened ASDM --> Logging and Filtered by my Source IP but didn't see any information of blocks. Like I said I don't know where to begin, any guidance would be appreciated.

3 Replies

Richard Burts
Hall of Fame

Would I be correct in assuming that when the addresses were in the 10 network that access to the router worked? In that case I have a couple of possibilities to consider:

- Is it possible that your router does not have a route for the 192.168.2 network?

- Is it possible that you are doing address translation on the traffic and that is confusing the router?

 

HTH

 

Rick


Apologies if my explanation is not ideal.

I configured a new Router (5505) as the Router at this site is an 800 Series so want to transition it out.

At the current location we can ping the Public IP of the VPN router.

I copied an existing 5505 and modified it to now have VLAN10 as well. VLAN 10 is the guest interface and will provide the 192.168.X.X IP Address.

For testing I have my laptop directly plugged into Interface 2 of the ASA and the interface is configured as switchport access vlan 10. My laptop does get a DHCP 192.X.X address and can browse the Internet.

I am still a novice with Cisco and can't understand why a public IP to, say, Google is any different than a public IP to the outside IP of the VPN router. I would have thought if I could ping one public IP I could ping any public IP.

 

 

I will send over my running-config a bit later.

Am I understanding correctly that you have configured an ASA5505 to replace an 800 series router at the site? And am I correct in assuming that the ASA has vlan 1 with a subnet in 10 network and vlan 20 with 192.168.2 and an outside interface with a Public IP? Did the 800 router have a VPN connection to your corporate site? Does the ASA have a similar VPN connection? If your laptop were connected in vlan 1 and had an IP address in network 10 does the access to the VPN router work?

 

HTH

 

Rick
