Not able to connect to RV042 using QuickVPN client through remote ASA firewall

Steve Dixon
Level 1

Situation:

-RV042(v3) with latest firmware (as of today)

-Remote user behind a Cisco ASA 5505 (running 8.4 firmware) is not able to connect using the QuickVPN client

-Quick always fails the "Verifying network" phase

-QuickVPN can connect from other locations through different routers (example: Cisco Small Business Support said it worked for them)

-Remote user station is running Windows 7 SP1 32bit

Layout:

ServerA--SiteA--RV042--Internet--ASA--SiteB--RemoteUser

Can anyone suggest how I can configure the ASA to permit the QuickVPN client at the remote site (with the ASA) to connect to the RV042 at SiteA?

Alternatively, advise how I might troubleshoot this?

I suspect it could be a matter of identifying what is being dropped by the ASA (maybe an ICMP packet). I do know the ASA does permit stations at SiteB to ping internet addresses (so ping and reply packets are permitted for normal NAT traffic). Or perhaps it is dropping or not routing the encrypted return traffic (which my logic would indicate should not be treated any differently than other traffic).

In my case the RV042 is a client's firewall/router and we want to be able to connect to it from SiteB.

FYI, on a scale of 1 to 10 my skills with the ASA would be about 4 (I could set one up to act as a NAT router and get L2TP\IPSEC VPN to work, but not much else). I'm hesitant to just log a TAC because the VPN client will likely be considered 3rd party to the ASA support group (same company, different division).

FYI: just before submitting this to the forum I found this article which I'll try later today:

Title: CISCO ASA 5510, 5505 Creating A VPN Passthrough

http://devnote.stokemaster.com/2008/04/cisco-asa-5510-5505-creating-vpn.html


Steve Dixon
Level 1

I tried the info from the link above and was not successful.

-creating three access rules for esp, udp/isakmp and udp/4500 did not resolve the issue

-neither did adding the ipsec passthrough setting on the default inspection list (was worth a shot)

-maybe I did not do it correctly, but it looked right from the CLI compared to the examples (save for using interfaces and not IPs)
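
One way to approach the "what is being dropped by the ASA" question from the thread, as an added example that is not part of either post: a small Python script that scans ASA syslog output for access-list denies (message 106023) involving the remote VPN endpoint and groups them into the traffic classes the thread mentions (ESP, udp/isakmp, udp/4500, ICMP). The log lines, interface names, ACL name and addresses are constructed samples, and the script assumes the ASA is logging 106023 messages; drops that are not ACL denies will not appear in this output.

```python
import re
from collections import Counter

# Constructed sample lines in the ASA 106023 "Deny ... by access-group" format.
# Addresses are documentation ranges; 198.51.100.7 stands in for the RV042's WAN IP.
SAMPLE_LOG = """\
%ASA-4-106023: Deny protocol 50 src outside:198.51.100.7 dst inside:192.0.2.25 by access-group "outside_access_in" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:198.51.100.7/4500 dst inside:192.0.2.25/4500 by access-group "outside_access_in" [0x0, 0x0]
%ASA-4-106023: Deny icmp src outside:198.51.100.7 dst inside:192.0.2.25 (type 0, code 0) by access-group "outside_access_in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:203.0.113.9/51515 dst inside:192.0.2.25/23 by access-group "outside_access_in" [0x0, 0x0]
%ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.25/49152 (192.0.2.25/49152)
"""

# Protocol is either a name (udp, icmp, ...) or "protocol <number>"; ports are optional.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>protocol \d+|\w+) "
    r"src (?P<sif>[^:\s]+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)

def classify(proto, sport, dport):
    """Map a denied flow to the IPsec-related traffic class it belongs to, or None."""
    ports = {sport, dport}
    if proto in ("protocol 50", "esp"):
        return "ESP"
    if proto == "udp" and "500" in ports:
        return "IKE (udp/500)"
    if proto == "udp" and "4500" in ports:
        return "NAT-T (udp/4500)"
    if proto == "icmp":
        return "ICMP"
    return None

def vpn_denies(log_text, peer_ip):
    """Count ACL denies to or from peer_ip, grouped by VPN-relevant traffic class."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or peer_ip not in (m["src"], m["dst"]):
            continue  # not a 106023 deny, or not traffic with the VPN endpoint
        kind = classify(m["proto"].lower(), m["sport"], m["dport"])
        if kind:
            counts[kind] += 1
    return counts

if __name__ == "__main__":
    for kind, n in vpn_denies(SAMPLE_LOG, "198.51.100.7").items():
        print(f"{n:3d}  {kind}")
```

An empty result for the endpoint while the client still fails would point away from the access rules and toward something other than an ACL deny.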