07-23-2012 07:38 AM - edited 02-21-2020 06:13 PM
Hi,
I set up Remote access VPN, I get connected but no traffic.
From packet tracer seems to be OK.
Any ideeas?
Thanks!
07-23-2012 09:20 AM
You would need to configure NAT exemption as follows:
object network obj-172.16.5.0
subnet 172.16.5.0 255.255.255.0
object network obj-172.16.0.0
subnet 172.16.0.0 255.255.255.224
object network obj-172.16.2.0
subnet 172.16.2.0 255.255.254.0
object network vpn-pool
subnet 172.16.200.0 255.255.255.0
nat (LAN-Servers,External) source static obj-172.16.5.0 obj-172.16.5.0 destination static vpn-pool vpn-pool
nat (LAN-IT,External) source static obj-172.16.0.0 obj-172.16.0.0 destination static vpn-pool vpn-pool
nat (LAN-GenPop,External) source static obj-172.16.2.0 obj-172.16.2.0 destination static vpn-pool vpn-pool
07-23-2012 10:58 AM
07-23-2012 06:59 PM
How are you trying to test? Did you use ping?
If you do, please also add the following:
policy-map global_policy
class inspection_default
inspect icmp
And are you able to ping 172.16.0.29 after connected through AnyConnect?
07-23-2012 09:49 PM
I tried with ping, nothing.
I added those, still nothing.
i can't ping anything, not even 172.16.0.29.
But now, in packet tracer I have this:
Thank you!
07-24-2012 01:36 PM
You need to declarate the network routes for the inside network. Can you put the show output of the command "debug crypto ipsec sa"???
Saludos,
Jose Luis B.
No te olvides de calificar si te sirvio la ayuda.
Please do rate if the given information helps.
07-24-2012 09:43 PM
No output on "debug crypto ipsec". (with sa it gives me an error)
07-25-2012 01:41 AM
well, this is AnyConnect, so the "debug cry ipsec" is incorrect debug to use.
Can you please connect via AnyConnect, and share the output of statistics and also the route from the AnyConnect client.
Also, pls share the latest config after the changes.
07-25-2012 03:03 AM
07-25-2012 09:16 AM
On the ASA, can you please share the details of the following once you connected through the AnyConnect and ping something:
show vpn-sessiondb detail anyconnect
07-25-2012 10:19 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide