Cisco ASA 5520 VPN

j3r3myBrose

Hello, my name is Jeremy Rose, I am a greenhorn..

I am trying to set up a VPN into a private network to access a server from the outside of our firewall.

The VPN works, however, we cannot communicate with the server once the VPN is up.

I can provide more info as requested, any recommendations ladies and/or gentlemen?

Thanks,

Jeremy

Hi Jeremy,

If the tunnel is up but no traffic is passing across, we could check:

1- NAT rules (make sure you have a NAT exempt rule for this traffic).

2- Routing issues.

3- Internal FW issues.

You could share the configuration of both peers (removing public IPs, DNS, domain-name, usernames and any other confidential information).

HTH.

Portu.

Please rate any helpful posts

I'm still hitting a brick wall, sir or madam.

One last question before I get configs censored to post.. which would require a lot of scenario explaining..

If the private network ip scheme (where the server resides, that we are trying to reach through vpn, from the cloud) changes to a new scheme, what would need to be changed besides the old addresses to the new addresses?

Jeremy,

That should be it, replace the old IPs with the new ones.

Thanks.

Portu.

Make sure that the interesting traffic matches on both ends basically.  So if your server is 192.168.1.10 and it changed to 10.1.1.10 you will need to update that under the crypto map ACL.
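
The check described in the reply above, as an added example that is not part of the original thread: it parses the crypto map ACL lines from both peers and reports entries that have no mirrored counterpart on the other side. The ACL name `VPN_ACL`, the remote subnet 172.16.5.0/24, the /24 masks and both config snippets are constructed for illustration; only the server addresses 192.168.1.10 and 10.1.1.10 come from the thread.

```python
import ipaddress
import re

# Constructed sample configs: site A was renumbered to 10.1.1.0/24,
# site B still points at the server's old 192.168.1.0/24 subnet.
SITE_A = """
access-list VPN_ACL extended permit ip 10.1.1.0 255.255.255.0 172.16.5.0 255.255.255.0
"""
SITE_B = """
access-list VPN_ACL extended permit ip 172.16.5.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")


def _take_network(tokens):
    """Consume one address spec: 'host A', 'any'/'any4', or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def crypto_pairs(config, acl_name):
    """Return the set of (source, destination) networks the ACL permits."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            tokens = m.group(2).split()
            src = _take_network(tokens)
            pairs.add((src, _take_network(tokens)))
    return pairs


def mirror_mismatches(local_cfg, remote_cfg, acl_name):
    """Local entries whose reversed (dst, src) pair is missing on the peer."""
    remote = crypto_pairs(remote_cfg, acl_name)
    local = crypto_pairs(local_cfg, acl_name)
    return sorted((s, d) for s, d in local if (d, s) not in remote)


def server_in_acl(config, acl_name, server_ip):
    """True if the server address falls on either side of any ACL entry."""
    ip = ipaddress.ip_address(server_ip)
    return any(ip in s or ip in d for s, d in crypto_pairs(config, acl_name))
```

A non-empty result from `mirror_mismatches` in either direction means the two peers disagree on the interesting traffic, which matches the symptom of a tunnel that comes up but passes no traffic to the renumbered server.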

Thanks for adding more details Mohammad! 5 stars

Thank you.  I wonder if the issue has been resolved.

j3r3myBrose

Yeah, no the issue is still lingering, in all honesty it's because of the weekend.

I'll be working on this today, hopefully can get it done before noon here, but we shall see.

What Mohammad mentioned is pretty well spot on I think, we only had addresses change. So what I need to do is go back and check the changes made when we originally tried to change them. I must have missed something, as I said, we can get the tunnel established but the traffic won't flow. So I feel that it's in ACL or NAT, where we missed.

Partial success, traffic is passing to the network now, however we cannot reach the server, but we can reach other things on the network. At this point, we believe it's the caretakers of the server now..

Thank you for listening,

Jeremy

Thanks for sharing the good news Jeremy

Please rate any helpful posts and mark this question as answered

Have a nice day.
