I am a contractor for a customer of mine who has a Cisco ASA box with an IPsec VPN set up too allow me remote access. I can connect and do my work through the VPN at home without any problems, but from my office I can login to the vpn just fine (at least it appears to be fine), however when I try to remote in to the machine that I always use from home I can't get in. I can't ping it either. I can't do anything.
How should I begin to troubleshoot this? All of the settings appear to be the same between home and my office. Both Windows 7 64 bit (but different editions) and both using the same Cisco VPN client 5.0.07.0290.
Any help is appreciated.
Can you connect from your office to a different site via a VPN connection and access the resources through the tunnel?
The reason I ask is because it might be possible that from your office, ESP is being blocked.
When connecting remotely from a VPN client there are several ways to connect.
For example, using IPsec/UDP, NAT-T, IPsec/TCP.
If the ASA allows IPsec/TCP you can try that in case that regular UDP 500 is being blocked.
When connecting normally from the office you can right click on the VPN client and check under statistics to see if packets are being sent from the client (encrypted), also check if packets are being received (decrypted).
I had already tried IPsec/TCP and it did not work either.
When I look at the VPN client statistics I see a lot of bytes sent, but none received. I also see many encrypted packets, but none decrypted and many "discarded" or "bypassed".
With the ASAs now you can create an ACL applied to the outside interface and filter traffic directed to-the-box.
Just to check could this be the case?
The ACL could be allowing VPN traffic from certain IPs only?
Do you have access to the ASA's configuration?
No, I don't have access to the ASA's configuration, but I don't think that's the problem because I've worked with the tech that setup the vpn and he knows I'm trying to connect. Plus, I don't have a static IP at home so I would expect to have connection issues from home as well if IP filtering were enabled.