06-24-2008 11:57 PM
Hi,
I'm facing an issue while doing easy VPN with network extension mode.
I have a setup
192.100.100.0/24 ---inside (ASA5510 Central ) outside 80.2XX.1XX.1XX --------dynamic ADSL router 192.168.16.1-----192.168.16.21 outside (ASA5505 remote) inside 192.168.1.0/24
I configured the easy VPN with network extension between the central and remote sites I can see that the VPN is up but I'm unable to ping the LAN IPs from the server and remote client attacing the configs also.Split tunnel is also configured.
I cannot reach to the server LAN(192.100.100.0/24) from the remote(192.168.1.0/24) and Vice versa
06-25-2008 01:28 PM
06-30-2008 12:08 AM
hi,
your ACL should be like this..
access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.100.100.0 255.255.255.0.
and type "no vpnclient enable" on server and also verfiy that sysopt connection permit-ipsec.
just remove nat-traversal from default crypto policy and retype it in isakmp policy 10.
Let see it works
06-30-2008 09:14 AM
Can you post the output of :
sh cry ipsec sa
sh vpnclient
from the EZvPN client.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide