09-26-2008 03:25 AM - edited 02-21-2020 03:57 PM
Hi,
We've built a Remote Access VPN on our ASA5520 here and have run into something odd. I think so anyway.
Only one user can VPN in and actually access our network at a time. Any other users can log in but are essentially isolated. They can't access any equipment on our network.
I'm using an IP pool for VPN users of 10.2.10.0/24... the only pingable address on that network is the first user who logged in. No one else is pingable from each other, or from any device on our network.
Has anyone seen this before?
Thanks
09-26-2008 04:50 AM
To add to this.
I do see the VPN connection establish on the ASDM Log window, but I do not see any log messages when I attempt to ping or access a device from the faulty connection.
From the 1 working connection, I do.
It's almost like the info is being routed elsewhere...
09-26-2008 05:43 AM
There is no config here. Can you paste it?
09-26-2008 06:12 AM
To solve one issue early: the reason why "No one else is pingable from each other" is that you are not allowing intra-interface communication:-
Add the following:-
same-security-traffic permit intra-interface
This will allow multiple VPN client connections to communicate with each other.
Post your config for a review of only 1 user at a time issue.
HTH
09-26-2008 07:29 AM
I am not sure if this issue is happening because of the following observation.
The config is using IP 10.2.10.255 in the VPN pool; we cannot use this IP address as it is the broadcast IP in the VPN pool subnet. Do the following and then check connecting VPN clients and post results.
no ip local pool ifn_noc_ips 10.2.10.1-10.2.10.255 mask 255.255.255.0
ip local pool ifn_noc_ips 10.2.10.1-10.2.10.254 mask 255.255.255.0
HTH
Saju
Pls rate helpful posts
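The two fixes proposed in this thread (the pool range that includes the subnet's broadcast address, and the missing same-security-traffic permit intra-interface line) can both be checked mechanically. The following is an added example, not code from the thread or from Cisco: it parses ip local pool lines from a constructed config snippet modelled on the one above and flags ranges that contain the network or broadcast address of their mask, and it also reports whether intra-interface traffic is permitted.

```python
"""Audit Cisco ASA 'ip local pool' definitions for unusable addresses."""
import ipaddress
import re

# ip local pool <name> <start>-<end> mask <netmask>
POOL_RE = re.compile(
    r"^\s*ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+) mask (\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample config lines, modelled on the thread above (not a real config).
SAMPLE_CONFIG = """
ip local pool ifn_noc_ips 10.2.10.1-10.2.10.255 mask 255.255.255.0
ip local pool ok_pool 10.2.11.1-10.2.11.254 mask 255.255.255.0
same-security-traffic permit inter-interface
"""


def audit_pools(config_text):
    """Return (pool_name, problem) tuples for pools whose range includes the
    network or broadcast address implied by the mask, or is malformed."""
    findings = []
    for line in config_text.splitlines():
        m = POOL_RE.match(line)
        if not m:
            continue
        name, start, end, mask = m.groups()
        first = ipaddress.IPv4Address(start)
        last = ipaddress.IPv4Address(end)
        net = ipaddress.IPv4Network((start, mask), strict=False)
        if first > last:
            findings.append((name, "start address is after end address"))
            continue
        if first <= net.network_address <= last:
            findings.append((name, f"includes network address {net.network_address}"))
        if first <= net.broadcast_address <= last:
            findings.append((name, f"includes broadcast address {net.broadcast_address}"))
        if ipaddress.IPv4Network((end, mask), strict=False) != net:
            findings.append((name, "range spans more than one subnet for the given mask"))
    return findings


def intra_interface_permitted(config_text):
    """True only if the exact intra-interface permit line is present."""
    pattern = re.compile(r"^\s*same-security-traffic permit intra-interface\s*$")
    return any(pattern.match(line) for line in config_text.splitlines())


if __name__ == "__main__":
    for name, problem in audit_pools(SAMPLE_CONFIG):
        print(f"pool {name}: {problem}")
    print("intra-interface permitted:", intra_interface_permitted(SAMPLE_CONFIG))
```

Note that the inter-interface line in the sample does not satisfy the check; only the intra-interface form lets VPN clients on the same interface reach each other.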