
Getting the ASA5505 VPN to work behind a 2921 router

Y W
Level 1

Hi all,

I am trying to create VPN access using an ASA5505 and the VPN client.

We have an ISP which gives us 4 public IP addresses.

The ISP demarc is connected to a C2921, which uses the first public IP address on its outside interface.

I did a static NAT with a second IP address to the ASA5505's internal address.

Please see the drawing attached.

The ASA5505 has been configured and proven to work if attached directly to the demarc with an outside link and to the internal network with an inside link.

My problem right now is that when reconfigured into the diagrammed scenario, I made it able to connect and the VPN client shows connected, but I am unable to ping either 192.168.1.2 or the server/host on the inside network.

The 2921 must be attached to the demarc, and the ASA5505 must remain attached to the switch.

Any suggestions? Thanks in advance.

2 Replies

Cisco Freak
Level 4

Hey,

Do you have the NAT exemption for the VPN client range (172.16.1.10-20) in your 2921 router? Are you running split tunnel?

CF

Hi Cisco Freak,

This is where my network knowledge becomes limited, but I always thought that when you VPN in, the device you are using brokers the connection to the inside network. Can you point me in the right direction as to why a NAT exemption needs to be implemented on the 2921 router?

Also, yes, split tunnel is enabled. Again, with my limited knowledge, split tunnel just sends the traffic for 192.168.1.x via the VPN connection and all other traffic via the normal local gateway. How does it influence the connection in this scenario?

Many thanks.