
bug in Remote access vpn?

borutlape
Level 1

I have created a remote access VPN on an ASA 5505 (ver 8.2(5) with base licence).

When I connect from one machine, I can ping the internal network. But when I connect from another machine, I can't.

I have only decrypts on the ASA side, without encrypts.

I was debugging ICMP packets with the capture feature, and saw that echo-reply packets are returning toward the outside interface, but aren't passing through it.

capture test access-list test interface outside

   1: 08:54:44.298980 802.1Q vlan#1 P0 x.x.x.x > y.y.y.y: icmp: echo reply

Where x.x.x.x is the LAN and y.y.y.y is the VPN client IP. The NAT is OK, access lists are OK, but the packets don't pass through.

I tried creating a new VPN profile, but the problem is the same; it seems that only one remote client can be active, even though the base licence allows more than 1 client.

I cannot figure out what could be the problem...

2 Replies

malshbou
Level 1

Hi,

Get captures for the dropped packets:

- cap drop type asp-drop all

- show cap drop (while running a ping from VPN client to inside)

Let me know about the result.

Mashal

------------------ Mashal Shboul

Hi,

I tried it, and nothing is captured, except other regular traffic dropped by access lists.

Borut