ā02-15-2013 06:07 AM - edited ā02-21-2020 06:42 PM
I have created Remote access vpn on ASA 5505 (ver 8.2(5) with base licence).
When I connect from one machine, I can ping the internal network. But when I connect from anothe machine, cant.
I have only decrypts on the ASA side, without encrypts.
I was debugging ICMP packets with the capture feature, and saw that echo-reply packets are returning toward the outside interface, but aren't passing thgrough it.
capture test access-list test interface outside
1: 08:54:44.298980 802.1Q vlan#1 P0 x.x.x.x > y.y.y.y: icmp: echo reply
Where x.x.x.x is LAN and y.y.y.y is the VPN client ip. The nat is ok, access lists are ok, but the packets dont pass through.
I tried creating new VPN profile but the same problem, it seems that only one remote client can be active even base licence allows more than 1 client.
I cannot figure what could be the problem.....
ā02-15-2013 10:55 AM
hi,
get captures for the dropped packets:
- cap drop type asp-drop all
- show cap drop (while running a ping from VPN client to inside)
let me know about the result
Mashal
ā02-18-2013 01:47 AM
Hi,
i tried it, and nothing is captured, except other regular traffic dropped by access lists.
Borut
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide