06-18-2008 05:59 AM
Hi,
I have configured an ASA 5510. Remote VPN clients get connected, but they are not able to access any network resource behind the firewall.
Here is the current config of the ASA:
Can anyone please help to resolve this?
Thanks
06-18-2008 08:18 AM
Hi,
Could you please remove a "nat (inside) 0 0.0.0.0 0.0.0.0" command and put "sysopt connection permit-ipsec" for testing?
HTH
Thot
06-18-2008 11:14 AM
Try to add the following line:
crypto isakmp nat-traversal 20
Let us know if it works.
Is your VPN client routes window similar to the following:
Regards
Farrukh
06-19-2008 02:28 AM
Hi,
In your nat0 ACL, just swap the networks (your VPN pool address should be the destination)
and call that access-list in nat.
Check sysopt and NAT-T as well,
and remove nat (inside) 0 0.0.0.0 0.0.0.0
Regards,
06-19-2008 03:29 AM
There is no need to remove nat (inside) 0 0.0.0.0 0.0.0.0 if the proper nat 0 ACL is there. NAT Exemption (nat 0 ACL) has the highest priority and will be considered first.
sysopt is enabled by default (but worth the check).
He is not using the nat ACL you refer to (nat_0); this one is being used, which seems correct:
access-list inside_nat0_inbound extended permit ip any 192.168.50.0 255.255.255.192
nat (inside) 0 access-list inside_nat0_inbound
Regards
Farrukh
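The NAT exemption check discussed in the posts above, as an added example that is not part of the original thread: it reads the ACL bound by `nat (inside) 0 access-list ...` and tests whether an entry has the VPN pool as destination. The inside subnet 192.168.1.0/24 and the `swapped_example` ACL are hypothetical, and the pool is assumed to be the 192.168.50.0/26 range from the quoted ACL.

```python
import ipaddress
import re

# Constructed sample: the two lines quoted in the thread, plus a hypothetical
# ACL (swapped_example) with source and destination the wrong way round.
SAMPLE = """\
access-list inside_nat0_inbound extended permit ip any 192.168.50.0 255.255.255.192
access-list swapped_example extended permit ip 192.168.50.0 255.255.255.192 any
nat (inside) 0 access-list inside_nat0_inbound
"""
VPN_POOL = "192.168.50.0/26"   # assumption: pool equals the ACL destination
INSIDE_LAN = "192.168.1.0/24"  # hypothetical inside subnet, not from the thread


def parse_addr(tokens):
    """Consume one ASA address spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def nat0_acls(config):
    """Map interface name -> ACL bound by 'nat (if) 0 access-list NAME'."""
    pat = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
    return {m.group(1): m.group(2) for m in pat.finditer(config)}


def acl_entries(config, name):
    """Return (source, destination) networks of the ACL's 'permit ip' lines."""
    prefix = f"access-list {name} extended permit ip "
    entries = []
    for line in config.splitlines():
        if line.startswith(prefix):
            src, rest = parse_addr(line[len(prefix):].split())
            dst, _ = parse_addr(rest)
            entries.append((src, dst))
    return entries


def exempts(config, name, lan=INSIDE_LAN, pool=VPN_POOL):
    """True if an entry matches LAN -> pool traffic (pool as destination)."""
    lan_net, pool_net = ipaddress.ip_network(lan), ipaddress.ip_network(pool)
    return any(lan_net.subnet_of(s) and pool_net.subnet_of(d)
               for s, d in acl_entries(config, name))


if __name__ == "__main__":
    for ifname, acl in nat0_acls(SAMPLE).items():
        print(ifname, acl, "exempts LAN->pool:", exempts(SAMPLE, acl))
```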
06-19-2008 04:40 AM
true,
06-19-2008 04:44 AM
Can you mention some LAN subnet in your no-NAT ACL instead of "any"?
Just try it to see if it works, because "any" should also work.
Regards,