Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
2
Replies

ASA5505 blocking VPN?

Iker Torrontegui
Level 1
Level 1

‎01-30-2013 08:59 AM

Hi,

We just upgraded our ASA here at work to a new ASA5515-x with 8.6 (used to have a ASA5510). We used the VPN wizrd to create a generic VPN Profile and Group. The profile works with split tunneling just fine from outside our network. But when I go home, I have an ASA5505 with 8.4. When i connect to work using the VPN Client on windows, it connects and gets the appropriate IP but i am not able to get to anything on our work network. When i try and connect using the built-in client on Mac OS X (10.5, 10.6, 10.7 or 10.8) using IPSec, it comes back and says "Remote server did not respond". If i look at my console on the Mac, it shows it connected, built the first tunnel, then it sits. if i watch the logs on our 5515, it shows the same. But it will not authenticate the local user past the group. The Cisco VPN Client on the mac wont even attempt to connect, it just flashes connecting to x.x.x.x and disconnects about a second later.

Is there a setting that i am missing on my 5505 to allow VPN out? Is there a setting were missing on our 5515 that might not be allowing the VPN clients to connect from certain networks?

Please let me know if you have any questions.

Thanks!

Labels:
0 Helpful
2 Replies 2

Iker Torrontegui
Level 1
Level 1

‎02-28-2013 12:13 PM

Hi, ok now that i have had enough time to test this.... (plus a bump)

In testing, I took and gave my machine, on the inside of my ASA5505, and gave it a static NAT. I then tried to connect and was able to connect and see devices on the remote network. I have tried to turn on inspection for IPSEC with no luck when I dont have my machine with a Static NAT.

Pelase let me know if you have any questions.

Thanks!

0 Helpful

Iker Torrontegui
Level 1
Level 1

‎03-01-2013 07:03 AM

Ok, I tested this last night. I am able to ping the devices on the networks that are defined in the Split Tunnel. But i am not able to Trace Route, SSH, Telnet, RDP, or access any shares over the VPN. I am only able to ping. There is no firewall on any of my servers, switches, or NAS. I am able to replicate this on my Windows 7, Mac OS X 10.5, 10.7 and 10.8 machiens (which neither one has a firewall turned on).

Please let me know if you have any questions.

Thanks!

0 Helpful
Customers Also Viewed These Support Documents