
Cisco ASA 5520 VPN

Hello, my name is Jeremy Rose, I am a greenhorn..

I am trying to set up a VPN into a private network to access a server from the outside of our firewall.

The VPN works, however, we cannot communicate with the server once the VPN is up.

I can provide more info as requested, any recommendations ladies and/or gentlemen?

Thanks,

Jeremy



Hi Jeremy,

If the tunnel is up but no traffic is passing across, we could check:

1- NAT rules (make sure you have a NAT exempt rule for this traffic).

2- Routing issues.

3- Internal FW issues.

You could share the configuration of both peers (removing public IPs, DNS, domain-name, usernames and any other confidential information).

HTH.

Portu.

Please rate any helpful posts


I'm still hitting a brick wall, sir or madam.

One last question before I get configs censored to post.. which would require a lot of scenario explaining..

If the private network ip scheme (where the server resides, that we are trying to reach through vpn, from the cloud) changes to a new scheme, what would need to be changed besides the old addresses to the new addresses?


Jeremy,

That should be it, replace the old IPs with the new ones.

Thanks.

Portu.


Make sure that the interesting traffic matches on both ends basically.  So if your server is 192.168.1.10 and it changed to 10.1.1.10 you will need to update that under the crypto map ACL.

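The mirror check described in the reply above, as an added example that is not part of the original thread: it parses the crypto map ACL from each peer and reports entries that have no reversed counterpart on the other side. The ACL name `VPN-ACL`, the /24 masks and the remote subnet 172.16.0.0 are assumptions; the two server subnets follow the addresses mentioned in the reply.

```python
import ipaddress
import re

# Constructed sample crypto ACLs (ACL name, masks and 172.16.0.0/24 are assumptions).
# Peer A (server side) was renumbered to 10.1.1.0/24; peer B still lists the old subnet.
PEER_A = """
access-list VPN-ACL extended permit ip 10.1.1.0 255.255.255.0 172.16.0.0 255.255.255.0
"""
PEER_B = """
access-list VPN-ACL extended permit ip 172.16.0.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")

def _take_net(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    first = tokens.pop(0)
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(config, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == name:
            tokens = m.group(2).split()
            src = _take_net(tokens)
            dst = _take_net(tokens)
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_cfg, remote_cfg, name="VPN-ACL"):
    """Compare local entries with the remote ACL's entries reversed."""
    local = parse_acl(local_cfg, name)
    mirrored = {(dst, src) for src, dst in parse_acl(remote_cfg, name)}
    return {"only_local": local - mirrored, "only_remote_mirrored": mirrored - local}

if __name__ == "__main__":
    for side, pairs in mirror_mismatches(PEER_A, PEER_B).items():
        for src, dst in sorted(pairs):
            print(f"{side}: {src} -> {dst}")
```

Both result sets are empty when the two ACLs are exact mirrors; any entry listed means one peer still carries a subnet the other does not.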


Thanks for adding more details Mohammad! 5 stars


Thank you.  I wonder if the issue has been resolved.


Yeah, no the issue is still lingering, in all honesty it's because of the weekend.

I'll be working on this today, hopefully can get it done before noon here, but we shall see.

What Mohammad mentioned is pretty well spot on I think, we only had addresses change. So what I need to do is go back and check the changes made when we originally tried to change them. I must have missed something, as I said, we can get the tunnel established but the traffic won't flow. So I feel that it's in ACL or NAT, where we missed.


Partial success, traffic is passing to the network now, however we cannot reach the server, but we can reach other things on the network. At this point, we believe it's the caretakers of the server now..

Thank you for listening,

Jeremy


Thanks for sharing the good news Jeremy

Please rate any helpful posts and mark this question as answered

Have a nice day.
