06-02-2009 05:50 AM - edited 02-21-2020 03:29 AM
I am trying to setup a 3640 to act as a VPN server. I can connect fine to the 3640 using the standard windows vpn client. However, I am not able to determing the remote gw over the tunnel. I have selected use gateway on remote network on the client side.
This will be used to allow secure browsing from hotspots, etc for our clients. Attached is my sanitized config.
VPN front is the interface that clients will connect to, VPN back is the public side of the tunnel with a real public IP directly connected to an upstream.
I have removed all local user accounts from the config.
Would it be better to have a dhcp or radius server to provide the gw?
I am also not able to ping the remote gateway from the vpn clients, but I can from the VPN router.
06-08-2009 07:28 AM
You are unable to initiate the VPN tunnel from ASA/PIX interface, and after the tunnel establishment, the remote end/VPN Client is unable to ping the inside interface of ASA/PIX on the VPN tunnel. For example, the pn client can be unable to initiate a SSH or HTTP connection to ASA's inside interface over VPN tunnel.
The inside interface of the PIX cannot be pinged from the other end of the tunnel unless the management-access command is configured in the global configuration mode.
PIX-02(config)#management-access inside
PIX-02(config)#show management-access
management-access inside
06-08-2009 07:51 AM
I cleared the config and started from scratch and it worked for me.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide