Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
628
Views
0
Helpful
5
Replies

remote access vpn wizard doesn't work?

Go to solution
mdschomburg
Level 1
Level 1

‎04-04-2013 01:39 PM - edited ‎02-21-2020 06:48 PM

I have a brand new ASA 5505 running version 8.2(5). Got connected with the ASDM and ran the setup wizard and the remote access VPN wizard. I am not able to ping the outside interface from the internet, and my VPN client gets no response when trying to connect. Config is attached. Any suggestions?

Labels:
15357773-config.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to mdschomburg

‎04-04-2013 02:10 PM

Hi,

1.) You need the default route for the ASA to be able to send traffic back to the VPN connection initiator

2.) I would imagine that this is something either done manually when creating the basic configuration for the firewall OR perhaps the Startup Wizard would handle this when doing the basic setup of the ASA initially.

- Jouni

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎04-04-2013 01:49 PM

Hi,

I cant see any default route configured

route outside 0.0.0.0 0.0.0.0

Hope this helps

- Jouni

0 Helpful

Go to solution
mdschomburg
Level 1
Level 1
In response to Jouni Forss

‎04-04-2013 01:57 PM

This ASA is intended only to provide remote access for administration of servers on the inside network. No internet access is wanted from inside to outside. I guess I have two questions:

1. When I initiate a connection to the outside IP address from my VPN client, I get no response from the ASA at all. Will adding a default route cause the ASA to respond to the phase 1 packet from the client?

2. If a default route is necessary, why didn't the basic wizard or the VPN wizard mention it?

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to mdschomburg

‎04-04-2013 02:10 PM

Hi,

1.) You need the default route for the ASA to be able to send traffic back to the VPN connection initiator

2.) I would imagine that this is something either done manually when creating the basic configuration for the firewall OR perhaps the Startup Wizard would handle this when doing the basic setup of the ASA initially.

- Jouni

0 Helpful

Go to solution
mdschomburg
Level 1
Level 1
In response to Jouni Forss

‎04-04-2013 02:19 PM

Thanks very much for your help. I now realize how obvious the need for the default route is. Just as a point of interest, however, the startup wizard does not configure it. Also resetting the box to factory default does not erase the enable password.

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to mdschomburg

‎04-04-2013 02:25 PM

Oh,

To be honest I have never used the graphical interface to build the default configuration for an ASA. I started configuring Cisco firewalls with some old PIX firewalls with old software and did everything with the CLI so it kind stuck with me.

I did now test on my own home ASA 5505 the Startup Wizard but as you say it doesnt seem to give any section where I would configure the default route. (Unless the "outside" was using DHCP to aquire IP address and would therefore get the default route from the DHCP server)

I think the command "clear configure all" might clear all configurations. But not sure.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents