Setting Access Policies Dual Internet Connections

richard-pang
Level 1

Hello Everyone,

I'm trying to set up an S2S VPN between two ASA5505 SP units running ASA Version 8.2(1). I've ordered additional ADSL2 lines to handle this traffic and I'm having trouble with the configuration for the additional PPPoE connection. Here are extracts from my current config. First, the interface VLANs:

     !
     interface Vlan1
      nameif inside
      security-level 100
      ip address 192.168.1.1 255.255.255.0
     !
     interface Vlan2
      nameif outside
      security-level 0
      pppoe client vpdn group Internet
      ip address pppoe setroute
     !
     interface Vlan3
      nameif VPN
      security-level 0
      pppoe client vpdn group VPN
      ip address pppoe
     !

Here is the login section:

     vpdn group Internet request dialout pppoe
     vpdn group Internet localname myusername1@myisp.com
     vpdn group Internet ppp authentication chap
     vpdn group VPN request dialout pppoe
     vpdn group VPN localname myusername2@myisp.com
     vpdn group VPN ppp authentication chap
     vpdn username myusername1@myisp.com password *********
     vpdn username myusername2@myisp.com password *********

This all works and I can see both interfaces with PPPoE connectivity; however, none of my policies seem to be working on the VPN interface. For instance, I've added the following for ICMP:

     access-list OUTSIDE_IN_ACL extended permit icmp any any echo-reply
     access-list OUTSIDE_IN_ACL extended permit icmp any any time-exceeded
     access-list OUTSIDE_IN_ACL extended permit icmp any any echo
     ...
     access-list VPN_access_in extended permit icmp any any echo-reply
     access-list VPN_access_in extended permit icmp any any time-exceeded
     access-list VPN_access_in extended permit icmp any any echo
     ...
     access-group OUTSIDE_IN_ACL in interface outside
     access-group VPN_access_in in interface VPN
     ...
     policy-map global_policy
       class inspection_default
         ...
         inspect icmp

The result is that I can ping the OUTSIDE interface, but get no reply from the VPN interface.

I've checked the ADSL lines, they are up. The two PPPoE sessions are logged in and active. I can even see the ICMP packets hit the VPN interface, but there is no reply. This is as far as my IOS knowledge gets me. Can anyone help?

Thanks,

Richard

1 Reply

Eugene Khabarov
Level 7

Seems to me that there is a routing problem. Does the PPPoE client install the default route? If so, which one of the two is used?