Re: Default client gw over vpn

paarlberg · ‎06-02-2009

I am trying to setup a 3640 to act as a VPN server. I can connect fine to the 3640 using the standard windows vpn client. However, I am not able to determing the remote gw over the tunnel. I have selected use gateway on remote network on the client side.

This will be used to allow secure browsing from hotspots, etc for our clients. Attached is my sanitized config.

VPN front is the interface that clients will connect to, VPN back is the public side of the tunnel with a real public IP directly connected to an upstream.

I have removed all local user accounts from the config.

Would it be better to have a dhcp or radius server to provide the gw?

I am also not able to ping the remote gateway from the vpn clients, but I can from the VPN router.

bwilmoth · ‎06-08-2009

You are unable to initiate the VPN tunnel from ASA/PIX interface, and after the tunnel establishment, the remote end/VPN Client is unable to ping the inside interface of ASA/PIX on the VPN tunnel. For example, the pn client can be unable to initiate a SSH or HTTP connection to ASA's inside interface over VPN tunnel.

The inside interface of the PIX cannot be pinged from the other end of the tunnel unless the management-access command is configured in the global configuration mode.

PIX-02(config)#management-access inside

PIX-02(config)#show management-access

management-access inside

paarlberg · ‎06-08-2009

I cleared the config and started from scratch and it worked for me.