Problem With VPN Ipsec

jeremy.donofrio
Level 1

Hello everybody,

Sorry for my English, but I'm French and I don't speak English very well.

I configured an IPsec VPN connection to an ASA5505 for a client.

I can connect to the ASA without problems and I receive the correct IP address. But I can't do anything: ping, RDP, ...

See a little description:

Home --------VPN----------> Outside ASA (PPPoE) --------------------> Inside (192.168.10.0/24)

The remote VPN address pool is 192.168.20.0/24

ASA-COPAS# write t
: Saved
:
ASA Version 8.2(5)
!
hostname ASA-COPAS
domain-name copas.lu
enable password Z64xpU91umTXJNBb encrypted
passwd mdqgUWurX2Iw.1.m encrypted
names
name 192.168.10.1 SBS2011-DC description Domain Server
name 192.168.10.254 ASA5505
name 192.168.120.0 ENTENTES-NETWORK description Network of EGIPA/EFJ/EGCA
!
interface Ethernet0/0
 switchport access vlan 20
!
interface Ethernet0/1
 switchport access vlan 10
!
interface Ethernet0/2
 switchport access vlan 30
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan10
 nameif inside
 security-level 100
 ip address ASA5505 255.255.255.0
!
interface Vlan20
 nameif Outside
 security-level 0
 ip address pppoe setroute
!
ftp mode passive
dns server-group DefaultDNS
 domain-name copas.lu
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object icmp
 protocol-object tcp
 protocol-object udp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object tcp
 protocol-object udp
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
 protocol-object udp
 protocol-object tcp
object-group service RDP tcp
 port-object eq 3389
access-list outside_access_in extended permit tcp any host SBS2011-DC eq https
access-list outside_in remark Permit traffic to exchange - 15/03/2012
access-list outside_in extended permit tcp any interface Outside eq smtp
access-list outside_in remark Permit OWA access - 15/03/2012
access-list outside_in extended permit tcp any interface Outside eq https
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any any object-group RDP
access-list nat0_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0
access-list splitttunnel standard permit 192.168.10.0 255.255.255.0
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 1
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 E
access-list inside_access_in remark Permit Internet Traffic
access-list inside_access_in extended permit tcp 192.168.10.0 255.255.255.0 any
access-list inside_access_in remark Permit DNS request
access-list inside_access_in extended permit udp host SBS2011-DC any eq domain
access-list inside_access_in remark Permit HTTPS Traffic
access-list inside_access_in extended permit tcp 192.168.10.0 255.255.255.0 any
access-list inside_access_in remark Permit SMTP traffic
access-list inside_access_in extended permit tcp host SBS2011-DC any eq smtp
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit icmp any any echo-reply
access-list splittunnel standard permit 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu Outside 1500
ip local pool vpnpool 192.168.20.1-192.168.20.50
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (Outside) 1 interface
nat (inside) 0 access-list nat0_acl
nat (inside) 1 192.168.10.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,Outside) tcp interface 3389 SBS2011-DC 3389 netmask 255.255.255.2
static (inside,Outside) tcp interface smtp SBS2011-DC smtp netmask 255.255.255.2
static (inside,Outside) tcp interface https SBS2011-DC https netmask 255.255.255
access-group inside_access_in in interface inside
access-group outside_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 ASA5505 1
route inside ENTENTES-NETWORK 255.255.255.0 ASA5505 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 6
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.20.0 255.255.255.0 inside
ssh 192.168.20.0 255.255.255.0 Outside
ssh timeout 5
console timeout 0
management-access inside
vpdn group COPAS request dialout pppoe
vpdn group COPAS localname w.11.100219.1
vpdn group COPAS ppp authentication pap
vpdn username w.11.100219.1 password *****
dhcpd auto_config Outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy remotevpn internal
group-policy remotevpn attributes
 vpn-idle-timeout 30
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
username support password MEoT5LGS1rX8h2hM encrypted
username qits password IxwD9AtR5a.jldfo encrypted
tunnel-group remotevpn type remote-access
tunnel-group remotevpn general-attributes
 address-pool vpnpool
 default-group-policy remotevpn
tunnel-group remotevpn ipsec-attributes
 pre-shared-key *****
!
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1712110322795c9d231dcc80a35edad1
: end
[OK]
ASA-COPAS#

Thanks in advance,

3 Replies

Marvin Rhoads
Hall of Fame

Jeremy,

Your client connects and receives a DHCP address from 192.168.20.1-50 (vpnpool). When trying to reach addresses, the client packets would be affected by access-list inside_access_in. That access-list does not allow addresses from your vpnpool range.

Did you create your remote access VPN from CLI? I suggest using the wizard in ASDM as it anticipates the commonly required commands and supplies them automatically.
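
What the posted configuration does for a connecting client can be checked mechanically instead of by eye. The script below is an added example, not code from this thread or from Cisco: it parses a flat ASA 8.2-style config and reports the usual reasons a remote-access client gets a pool address but reaches nothing (the pool is absent from the nat (inside) 0 exemption list, or a network exempted towards the pool is missing from the split-tunnel list), and it flags the weak IKE settings in the post (3DES, MD5, DH group 2) and the static that publishes RDP on the domain controller to the outside interface. SAMPLE is constructed from lines of the posted configuration; the netmasks on the nat0_acl entry and on the static are assumed, since the post shows those lines cut off at the terminal width, and lint, parse and take_net are the example's own names.

```python
"""Lint an ASA 8.2-style remote-access IPsec VPN config: the pool must be
NAT-exempted, every exempted network must be in the split-tunnel list, and
weak IKE settings or RDP published on the outside interface are flagged.
Added example, not from the thread.  SAMPLE is constructed from the posted
lines; the nat0_acl and static masks are assumed (the post shows them cut off).
"""
import ipaddress

WEAK_ENC, WEAK_HASH, WEAK_DH = {"des", "3des"}, {"md5"}, {"1", "2", "5"}

SAMPLE = """\
name 192.168.10.1 SBS2011-DC description Domain Server
access-list outside_in extended permit tcp any any object-group RDP
access-list nat0_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list splittunnel standard permit 192.168.10.0 255.255.255.0
ip local pool vpnpool 192.168.20.1-192.168.20.50
nat (inside) 0 access-list nat0_acl
static (inside,Outside) tcp interface 3389 SBS2011-DC 3389 netmask 255.255.255.255
crypto isakmp policy 20
 encryption 3des
 hash md5
 group 2
group-policy remotevpn attributes
 split-tunnel-network-list value splittunnel
"""


def take_net(toks, names):
    """One ASA address spec (any | host X | interface X | NET MASK) -> (net or None, rest)."""
    if toks[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), toks[1:]
    if toks[0] == "host":
        return ipaddress.ip_network(names.get(toks[1], toks[1])), toks[2:]
    if toks[0] == "interface":
        return None, toks[2:]
    addr = names.get(toks[0], toks[0])          # raises IndexError/ValueError if cut off
    return ipaddress.ip_network(f"{addr}/{toks[1]}", strict=False), toks[2:]


def parse(text):
    """Collect the pieces the checks need from flat 'show run' style text."""
    c = {"names": {}, "pools": {}, "acls": {}, "bad": [], "nat0": [],
         "split": [], "ike": {}, "statics": []}
    policy = None
    for s in (ln.strip() for ln in text.splitlines() if ln.strip()):
        t = s.split()
        if s.startswith("name "):                      # name IP NAME ...
            c["names"][t[2]] = t[1]
        elif s.startswith("ip local pool "):           # ip local pool NAME A-B
            c["pools"][t[3]] = tuple(ipaddress.ip_address(a) for a in t[4].split("-"))
        elif s.startswith("access-list ") and len(t) > 4 and t[3] == "permit":
            try:
                toks = t[4:]
                if t[2] == "extended":                 # drop the protocol field
                    toks = toks[2:] if toks[0] == "object-group" else toks[1:]
                    src, toks = take_net(toks, c["names"])
                    dst, _ = take_net(toks, c["names"])
                else:                                  # standard ACL: one network
                    src, dst = take_net(toks, c["names"])[0], None
                c["acls"].setdefault(t[1], []).append((src, dst))
            except (IndexError, ValueError):
                c["bad"].append(s)
        elif s.startswith("nat (") and len(t) > 4 and t[2:4] == ["0", "access-list"]:
            c["nat0"].append(t[4])
        elif s.startswith("split-tunnel-network-list value "):
            c["split"].append(t[2])
        elif s.startswith("crypto isakmp policy "):
            policy = c["ike"].setdefault(t[3], {})
        elif policy is not None and t[0] in ("encryption", "hash", "group"):
            policy[t[0]] = t[1]
        elif s.startswith("static (") and len(t) > 5 and t[2] == "tcp":
            c["statics"].append((t[4], c["names"].get(t[5], t[5])))
    return c


def lint(text):
    """Return (severity, message) findings; an empty list means nothing found."""
    c = parse(text)
    out = [("error", f"unparseable (cut off?) ACL line: {s}") for s in c["bad"]]
    exempt = [e for n in c["nat0"] for e in c["acls"].get(n, [])]
    tunnelled = [src for n in c["split"] for src, _ in c["acls"].get(n, [])]
    for name, (lo, hi) in c["pools"].items():
        inside = [src for src, dst in exempt if dst is not None and lo in dst and hi in dst]
        if not inside:
            out.append(("error", f"pool {name} {lo}-{hi} is not NAT-exempted; add it as "
                                 "destination in the access-list used by nat (inside) 0"))
        for net in inside:   # every network exempted towards the pool must be tunnelled
            if c["split"] and not any(s is not None and net.subnet_of(s) for s in tunnelled):
                out.append(("error", f"{net} is NAT-exempted for {name} but missing "
                                     f"from split-tunnel list {c['split'][0]}"))
    for num, p in c["ike"].items():
        weak = [f"{k} {v}" for k, v in p.items()
                if v in WEAK_ENC | WEAK_HASH or (k == "group" and v in WEAK_DH)]
        if weak:
            out.append(("warn", f"isakmp policy {num} uses weak {', '.join(weak)}"))
    for port, host in c["statics"]:
        if port == "3389":
            out.append(("warn", f"RDP on {host} is published on the outside interface"))
    return out
```

lint(SAMPLE) returns two warnings (the 3DES/MD5/group 2 policy and the published RDP port) and no connectivity error. Feed it the nat0_acl line exactly as it appears in the post, with the destination mask missing, and it reports that line as unparseable and the pool as not NAT-exempted; on the live box that is the first thing to confirm with show running-config access-list, because a pool that is PATed to the outside interface on the way back explains exactly the "connected but nothing answers" symptom.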

Hello,

Thanks for the information.

Now I can connect to the VPN and I can RDP to my server, but only to my server...

I cannot connect to my workstations.

RDP is enabled and works if I connect to the server and then connect to the workstation from the server...

Any idea?

Are the workstations on the same 192.168.10.0/24 network as your server? If they are, I would check for host level firewall software.