
Remote Access VPN - Cisco Client v.5.0.07.0440

rjpdmbmap
Level 1

Hello.

Any help would be greatly appreciated.

Scenario:

Location #1 - ASA 5520 w/ Cisco Client VPN setup for remote access.  (I do not have access to this device and did not set up the client VPN)

I can connect to this successfully using the Cisco Client v. 5.0.07.0440 - I obtain the proper IP assignment from the pool assigned to this group. <10.1.1.0/27> and I am allowed access to a single host IP 192.168.1.1

Once I am connected to the client VPN, I cannot communicate at all with the host 192.168.1.1 - no ping, no ssh, no telnet, etc.

When reviewing the VPN client 'statistics', it shows

Bytes Sent: 4569

Bytes Received: 0

When reviewing my local firewall logs, it shows an error of:

Source IP = <remote peer of ASA5520> - regular translation creation failed for protocol 50 src inside <my ip> dst outside: <remote ASA5520 peer>

Location #2 - ASA 5520 - I do manage this device and I have re-created a client VPN setup using the same IP scheme and details as above. Once I connect to the client VPN setup on this ASA5520 at this location, I have no problems communicating with host 192.168.1.1

Thoughts?

1 Reply

jj27
Spotlight

You need to check your NAT exemption on Location #1.  Make sure you include traffic from 192.168.1.0 to your VPN pool subnet in the NAT 0 access list.
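An added example, not part of the original thread or either poster's configuration: a Python check that a saved ASA config contains the NAT exemption the reply describes. It assumes pre-8.3 syntax (`nat (<if>) 0 access-list <name>`); the ACL name `NONAT`, the interface name `inside` and both sample configs are constructed.

```python
import ipaddress
import re

# Constructed sample configs (pre-8.3 ASA syntax); names are assumptions.
SAMPLE_OK = """\
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.224
nat (inside) 0 access-list NONAT
"""
SAMPLE_MISSING = """\
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.9.9.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$", re.M)


def _take_net(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def nat_exempt(config, host, pool):
    """True if an ACL bound to 'nat 0' permits ip from host to the whole pool."""
    host_net = ipaddress.ip_network(host)
    pool_net = ipaddress.ip_network(pool)
    # Only ACLs actually referenced by a 'nat (...) 0 access-list' line count.
    nat0_acls = {name for _, name in NAT0_RE.findall(config)}
    for name, rest in ACE_RE.findall(config):
        if name not in nat0_acls:
            continue
        src, tail = _take_net(rest.split())
        dst, _ = _take_net(tail)
        if host_net.subnet_of(src) and pool_net.subnet_of(dst):
            return True
    return False


if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        print(label, nat_exempt(cfg, "192.168.1.1", "10.1.1.0/27"))
```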
