[ASA] IPSec Remote VPN connect but can't do anything

mathieupoussin
Level 1

Hello,

I just set up a VPN on my ASA 5505 at home. I can connect to it successfully, but I can't reach anything in the network; nothing responds to ping or to anything else (including the ASA inside IP):

192.168.3.0/24 is my internal network

192.168.80.0/24 is my VPN Pool

192.168.0.0/16 is the network that passes through an L2L IPSec VPN

Here are samples of my configuration (ask me if you need something else):

    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
     vpn-filter value vpn-in
     vpn-tunnel-protocol ikev1 l2tp-ipsec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value remote-split
     default-domain value ****
    tunnel-group DefaultRAGroup general-attributes
     address-pool LevRemotePool
     default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
     ikev1 pre-shared-key *****
    nat (inside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup
    nat (outside,inside) source static NETWORK_OBJ_192.168.80.0_24 NETWORK_OBJ_192.168.80.0_24 destination static inside-network inside-network no-proxy-arp route-lookup
    nat (outside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup
    !
    object network inside-network
     nat (inside,outside) dynamic interface
    access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.7.0 255.255.255.0
    access-list remote-split standard permit 192.168.3.0 255.255.255.0
    access-list remote-split standard permit 192.168.80.0 255.255.255.0
    access-list vpn-in extended permit ip object inside-network object NETWORK_OBJ_192.168.80.0_24
    access-list vpn-in extended permit ip object NETWORK_OBJ_192.168.80.0_24 object inside-network
    object network inside-network
     subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.80.0_24
     subnet 192.168.80.0 255.255.255.0
    object network NETWORK_OBJ_192.168.0.0_16
     subnet 192.168.0.0 255.255.0.0

I have been searching for many days for what the problem could be, but I can't find anything.

Can you help me?

Thank you

3 Replies

andrew.prince
Level 10

I suggest you have a look at the below URL

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

There are plenty of examples that will guide you to your solution.

HTH

I took a look but I did not find updated guides for version 8.4.

I tried many guides on the web but I always have the same problem.

Try removing:

    nat (outside,inside) source static NETWORK_OBJ_192.168.80.0_24 NETWORK_OBJ_192.168.80.0_24 destination static inside-network inside-network no-proxy-arp route-lookup
    nat (outside,outside) source static inside-network inside-network destination static NETWORK_OBJ_192.168.0.0_16 NETWORK_OBJ_192.168.0.0_16 no-proxy-arp route-lookup