06-30-2010 09:47 AM
Just switched over from an ASA5505 to the ASA 5510 today and in the process of setting up the Remote Access VPN connection. Ran the wizard using ASDM and set up the VPN - worked like a charm, installed a few programs remotely and all was well.
Well I went into the Interfaces menu (ASDM) and selected "Enable traffic between two or more interfaces which are configured with same security levels".
After that point, all vpn connections cannot connect to any internal machines - firewall log says:
Through the device packet to/from management network is denied; icmp src management:192.168.1.65 dst outside:192.168.ff1.175(type0, code0) - the .175 is the connected VPN computer.
Problem is 192.168.1.65 is on the internal network, not the management network, so why does it apply the management ACL?
I've gone back and disabled traffic between like security level interfaces and still no go. It thinks all internals are on the management interface and I can't figure it out.
All other communications are fine at this point - just the vpn clients get this message.
Thanks in advance,
E B
06-30-2010 10:11 AM
Hi,
Seems something got messed-up in the configuration.
Can you post the relevant part of your configuration?
Federico.
07-01-2010 10:52 AM
Well I did eventually figure out a way around this.
We were using an IP address pool in the same subnet as our internal network - this was a problem.
I created a new VLAN for the VPN - set up split tunneling on the connection to expose our internal network to that VLAN and all is working fine now.
Cisco Newb
E B
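For reference, the fix the poster describes (a VPN pool on its own subnet plus a split-tunnel list) written out as an ASA CLI fragment. This is an added example, not configuration from the thread; the pool, ACL, group-policy and tunnel-group names and the addresses (inside 192.168.1.0/24, VPN pool 192.168.50.0/24) are constructed, and the NAT exemption uses the pre-8.3 syntax that matches the 2010 date of the thread.

```cisco
! Added example (not from the thread). Constructed names and addresses:
! inside = 192.168.1.0/24, VPN pool = 192.168.50.0/24, ASA pre-8.3 NAT syntax.
!
! --- Problematic setting: pool overlaps the inside subnet ---
! ip local pool VPN_POOL 192.168.1.150-192.168.1.200 mask 255.255.255.0
!
! --- Corrected: pool on its own subnet, not assigned to any interface ---
ip local pool VPN_POOL 192.168.50.10-192.168.50.100 mask 255.255.255.0

! Split tunnel: only the inside network is sent through the tunnel
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0

group-policy RA_GP internal
group-policy RA_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

tunnel-group RA_TG type remote-access
tunnel-group RA_TG general-attributes
 address-pool VPN_POOL
 default-group-policy RA_GP

! NAT exemption so inside-to-pool traffic is not translated (pre-8.3 syntax)
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Check: the pool range should not fall inside any interface's subnet
! show ip local pool VPN_POOL
! show interface ip brief
```

Comparing the pool range against the output of the two show commands is the quickest way to confirm the overlap that caused the original symptom is gone.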