Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
4
Replies

We replaced a router with upgraded OS and VPN stopped working

Go to solution
WhatcomIT
Level 1
Level 1

‎12-13-2011 10:44 AM - edited ‎03-04-2019 02:37 PM

We have an ASA5520 with VPN working fine.

outside host <---> ASA (10.100.0.2/24) <---> (10.100.0.1) Router (10.4.1.1/16) <---> (10.4.1.x) inside Host

We replaced the router, which upgraded the OS from v12.2 to v15.0. We duplicated all the addressing and routing statements from the old router. Now the VPN still connects but the outside host can't ping the inside host anymore. The outside host can't ping any further than the inside interface of the router (10.4.1.1). The Router can ping the outside host, so I know the tunnel is up.

I suspect there is a difference in the OS versions that is tripping us up. Perhaps in the way that we have reused the 10.x.x.x address range?

I've attached the router config.

Labels:
118854-sendcfg.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎12-13-2011 11:05 AM

Am I correct in understanding that 10.4.200.0 is the address range used for the VPN address pool? So the outside host is getting address 10.4.200.x and is attempting to ping 10.4.1.x?

Based on this assumption I am going to guess that the issue may be with this:

interface GigabitEthernet0/1

no ip proxy-arp

I suggest that you try enabling proxy arp on the inside interface. Give it a try and let us know if it helps.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎12-13-2011 11:05 AM

Am I correct in understanding that 10.4.200.0 is the address range used for the VPN address pool? So the outside host is getting address 10.4.200.x and is attempting to ping 10.4.1.x?

Based on this assumption I am going to guess that the issue may be with this:

interface GigabitEthernet0/1

no ip proxy-arp

I suggest that you try enabling proxy arp on the inside interface. Give it a try and let us know if it helps.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
WhatcomIT
Level 1
Level 1
In response to Richard Burts

‎12-13-2011 12:16 PM

Your assumption is correct about the address range. The ip proxy-arp solved the big problem. Thank you!

We have some other issues because our network is more complicated than I presented. I'll post a new entry if we run into any more road blocks.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to WhatcomIT

‎12-13-2011 03:34 PM

I am glad that my suggestion pointed you to a successful solution of your problem. Thank you for using the rating system to mark the question as answered (and thanks for the points). It makes the forum more useful when people can read about an issue and can know that a solution was found. Your marking has contributed to this process.

This forum is an excellent resource and I encourage you to continue to use it and to post questions when you run into issues.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Kishore Chennupati
Level 7
Level 7
In response to Richard Burts

‎12-13-2011 05:09 PM

Rick rules

0 Helpful
Customers Also Viewed These Support Documents