
ASA RA VPN

sonitadmin
Level 1

I've just set up a RA VPN on a new ASA5505. I followed documentation from Cisco on getting it set up. I can connect, but I cannot ping anything on the inside. At first I had the VPN pool giving out IPs on the inside but I read that this was incorrect. So I assigned a different IP scheme. I'm just not sure how to make it NAT correctly so that I can get to inside IP addresses. If anyone could help, I would appreciate it.

Thanks!


Thanks for all of your help.

I needed the route inside 172.20.5.0 255.255.255.0 192.168.1.x 255.255.255.0 command.

Everything appears to be working correctly now.

Good deal, glad it worked out. Thanks for the rating.

Ran into another problem this morning. I've tested everything on my end and it works great. Client has a new web server that we are supposed to RDP into once connected to VPN and set up. From my office logged in with our account, I can RDP to the server fine. From a different office, my web developer tries to log in and gets connected fine but can't RDP into the server. Any ideas why it would work from here but not from there?

Thanks!

Check the firewall config for...

crypto isakmp nat-traversal

and add it if it is missing.

It wasn't in there. I added it and it worked. Can you tell me exactly what that command does?

Thanks again for all your help!

It enables nat-traversal, which allows you to have ipsec esp packets encapsulated in udp. To put it simply, if a vpn client is behind a pat/nat device, ipsec and pat are incompatible, therefore nat-t must be enabled and used. It runs over udp port 4500.
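
As an added illustration of the framing described in the reply above (not part of the original thread): on UDP port 4500 a receiver tells ESP-in-UDP apart from IKE and from NAT keepalives by the first bytes of the payload, per RFC 3948. The function names and the sample payloads are constructed for this example.

```python
import struct
from collections import Counter

IKE_HEADER = struct.Struct("!8s8sBBBBII")   # 28-byte ISAKMP/IKE header
NON_ESP_MARKER = b"\x00\x00\x00\x00"        # precedes IKE messages on UDP/4500

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one port-4500 datagram (RFC 3948 framing)."""
    if payload == b"\xff":                   # single 0xFF octet keeps the NAT/PAT mapping alive
        return {"type": "nat-keepalive"}
    if len(payload) < 4:
        return {"type": "malformed", "reason": "shorter than SPI/marker"}
    if payload[:4] == NON_ESP_MARKER:        # SPI 0 is never valid ESP, so IKE follows
        if len(payload) < 4 + IKE_HEADER.size:
            return {"type": "malformed", "reason": "truncated IKE header"}
        _i, _r, _np, version, exchange, _fl, _mid, length = IKE_HEADER.unpack_from(payload, 4)
        return {"type": "ike", "ike_major": version >> 4,
                "exchange_type": exchange, "length": length}
    if len(payload) < 8:                     # ESP needs SPI + sequence number
        return {"type": "malformed", "reason": "truncated ESP header"}
    spi, seq = struct.unpack_from("!II", payload)
    return {"type": "esp-in-udp", "spi": spi, "seq": seq,
            "esp_body_len": len(payload) - 8}

def summarize(payloads) -> Counter:
    """Count payload types, e.g. to confirm ESP-in-UDP is actually flowing."""
    return Counter(classify_natt_payload(p)["type"] for p in payloads)

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"\xff",                                                      # keepalive
    NON_ESP_MARKER + IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8,
                                     1, 0x10, 2, 0, 0, 28),       # IKEv1 header
    struct.pack("!II", 0xC0FFEE01, 7) + bytes(32),                # ESP in UDP
    NON_ESP_MARKER + b"\x11" * 8,                                 # cut-off IKE
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify_natt_payload(p))
    print(dict(summarize(SAMPLES)))
```

A session that shows IKE on port 4500 but never any `esp-in-udp` payloads points at a device in the path dropping or mangling the encapsulated data traffic.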

abow
Level 1

I am in the middle of setting up an ipsec-vpn with ikev2, but my tunnel-group ipsec attributes will not accept the ikev2 command. Please refer to the output below:

ata-FW(config)# tunnel-group RAVPN ipsec-attributes
Data-FW(config-tunnel-ipsec)# ?

tunnel-group configuration commands:
  authorization-required  Require users to authorize successfully in order to
                          connect (DEPRECATED)
  chain                   Enable sending certificate chain
  exit                    Exit from tunnel-group IPSec attribute configuration
                          mode
  help                    Help for tunnel group configuration commands
  ikev1                   Configure IKEv1
  isakmp                  Configure ISAKMP policy
  no                      Remove an attribute value pair
  peer-id-validate        Validate identity of the peer using the peer's
                          certificate
  radius-with-expiry      Enable negotiation of password update during RADIUS
                          authentication (DEPRECATED)
Data-FW(config-tunnel-ipsec)#

Please start a new thread rather than add on to this 10 year old solved one.

ok. Thanks.