04-06-2010 01:42 PM
Hello,
We just migrated from a Pix 515 and VPN Concentrator to an ASA 5520. The firewall portion is working well but we are having some issues with our remote VPN.
Everything on the inside network is accessible when using remote VPN; however, there is no access to our DMZ or internet. I'm sure there is something simple needed that I'm missing, and hoping someone might be able to shed some light on what is needed to allow the VPN tunnel to go back outside and into our DMZ.
The ASA is running 8.2(2)9 and ASDM 6.2(1).
Cheers,
Rob
04-07-2010 03:27 PM
Ok I made those changes, not seeing anything different. Pings both ways time out.
04-07-2010 03:35 PM
From the 172.16.68.0/24 you can PING 10.10.10.1 correct?
From the 10.10.10.0/24 you can PING 172.16.68.1 correct?
I am having a hard time now figuring out how this tunnel is up since you have PFS
enabled on the ASA but not on the PIX.
Federico.
04-07-2010 07:41 PM
I checked the configuration again.
I would like to know if you can PING:
From the 172.16.68.0/24 you can PING 10.10.10.1
From the 10.10.10.0/24 you can PING 172.16.68.1
Basically from either network reaching the inside IP of the other side of the tunnel endpoint.
Let me know if both PINGs are successful.
Federico.
04-08-2010 07:11 AM
No, I cannot ping the gateways of the other network from either 172.16.68.0/22 or 10.10.10.0/24
04-08-2010 01:08 PM
Try to PING again, but remember that you should have these commands:
management-access dmz --> On the ASA
management-access inside --> On the PIX
Federico.
04-08-2010 05:05 PM
Alright, the good news is - it works.
The bad news, I had to blow out the config on both sides (we'd had a contractor code the tunnel for us initially and I don't think he really had a clue) and reconfigure it from scratch. Removing the PFS was one thing I made sure of because it didn't make any sense to me after you mentioned it that it was set on the ASA but not the firewall. I'm not even sure that old PIX supports PFS so I just eliminated it.
Federico you are so patient and helpful, thank you so much for all your support with this. I learned a lot.
Cheers,
Rob
04-08-2010 05:35 PM
Very good news.
That's the idea. I also learned something here every day!
Thank you very much!
Federico.