cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
526
Views
5
Helpful
1
Replies
tuj87uqe4
Beginner

ASA 5505 VPN Connection Issue

Good morning everyone,

At my last position I was IT Director whose area of expertise was database and application development. All of the company's networking planning and maintainence I entrusted to my sysadmin, Salvadore. Back in 2004 we began implementing major changes in the network. Salvadore recommended SonicWALL firewalls. He did a fantastic job of securing our valuable server assets. Among the many improvements Salvadore established VPN access to the datacenter assets for mobile employees. What I remember especially well was the ease-of-use: start the VPN Client then RDP to a server or connect with SQL Server, in addition to connecting to all devices on my home network. It was absolutely beautiful!

Fast forward to today. I have since retired. I do a little bit of daytrading on the side for entertainment. I leased a dedicated server to run an application that runs continuously 24 hours a day, 5 days a week. I contacted Salvadore to do a security audit on the server. As expected the server was under constant assault by bots trying to hack the RDP port. Salvadore recommended a firewall. The datacenter host offered us two choices of Cisco firewalls, one of which we chose: ASA 5505.

Today I have a secure server which pleases me. The one thing that bothers me however is that I lose access to my home network devices while the VPN Client is connected. Here are the symptoms:

  1. I cannot send an email with Outlook as I normally do by relaying off of my Internet provider's SMTP server.
  2. I cannot connect to the TradeStation servers with my TradeStation application using login credentials that are authorized for my home network only.
  3. I cannot access my Seagate network storage drive.

This is what I discovered:

  1. My wireless adapter (which I use from this laptop) identifies itself as "Wireless LAN adapter Wireless Network Connection" in IPCONFIG. IPv4 address is 192.168.0.5. Default Gateway: 192.168.0.1.
  2. After I connect the VPN Client, IPCONFIG reports a new adapter: "Ethernet adapter Local Area Connection 2". IPv4 address is 10.0.10.4. Default Gateway: 10.0.10.1.
  3. When I launch Windows Task Manager and click on the Networking tab, I see those two adapters.
  4. When launch IE and go to bandwidthplace.com to run a test, I see all of the network traffic going over "Ethernet adapter Local Area Connection 2".
  5. When I disconnect VPN and then rerun the bandwidth test, I see that all of the network traffic now goes over "Wireless LAN adapter Wireless Network Connection".

This explains all of the symptoms:

  1. My Internet Provider will only allow me to relay off of their email servers if I am connected to their network.
  2. TradeStation refuses connection to their network because my credentials do not match my network address.
  3. There is no Seagate network storage device on the remote server network.

My questions to the Cisco Support Community are:

  1. Is this the best I can hope for?
  2. Must all traffic be routed through the VPN connection?
  3. Is there any way to route traffic destined for 10.0.*.* through VPN and everything else through the default connection?

Thank you everyone for your help. I would be happy to provide additional detailed information.

1 REPLY 1
mikeraddie
Beginner

Hi Brian,

you can route traffic destined to 10.0.*.* over the VPN and keep normal internet traffic unencrypted over the default connection - this setup is known as VPN Split Tunnelling.

This doc shows how to setup the access control list and apply this to the tunnel policy.

Hope this helps

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Content for Community-Ad