11-16-2010 05:39 AM
After a hardware issue we had to replace the ASA with a new one of the same model. The old flash card works without a problem, but the VPN connection does not work correctly. I changed the Base license to Security Plus, but without any change in the problem. Can someone tell me where the problem could be?
11-17-2010 01:40 AM
Can you ping the outside IP or name of your ASA?
Also, please provide us the output of show route.
Cheers,
Nash.
11-17-2010 08:17 AM
Hi,
I noticed your dynamic crypto map has no transform set defined. Please add the below command and see if it helps.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA
Let me know if this helps!!
Thanks and Regards,
Prapanch
11-18-2010 07:31 AM
Yes, the VPN works now with the correct statement. Now we have the same problem as before we lost our ASA due to water ... The Exchange Server cannot be connected ...
11-18-2010 07:52 AM
Hi Phillip,
Could you please elaborate about the Exchange server issue you were facing?
Regards,
Prapanch
11-18-2010 09:59 AM
Last time we had this problem, it was an IP address conflict with the Small Business Server. The DHCP pool from the ASA was in conflict with the DHCP pool of the SBS. We excluded the leasing range 192.168.10.120 - 192.168.10.149 in the DHCP and gave the VPN this range. From that day on it worked fine. Now we have the same issue with my boss's iPhone (BIG TOY!! nothing more, BB is much better :-) ), but the last solution does not work.
11-19-2010 09:34 PM
Hey Phil,
I am still not sure I got the problem. Could you please post a topology as well?
Cheers,
Prapanch
11-23-2010 02:16 AM
Problem solved.
1. MS SBS Server is the DHCP Server
2. The ASA5505 gives any VPN connection an IP address
2.1 Via the DHCP server
2.2 Via a range profile
2.3 Via a direct IP address in the VPN user profile.
Here was the problem: I gave the tunnel group the DHCP server and the range, but on the DHCP server this range was excluded. So the ASA gave every client an address from the given pool, but this pool was blocked on the DHCP server. By luck, sometimes the client had a connection and sometimes not.
The Solution:
1. Open the IP address pool on the DHCP server
2. No DHCP server entry in the tunnel group
3. Use the address pool of the ASA
I think the ASA leased an address from the server in the given pool. The server has a rule that does not allow this range, and so the problem occurred.