RV042 to ASA 5510 Tunnel Connected but No Network Access

joejcr001 · ‎04-02-2014

I have a tunnel connected between an RV042 (remote) and ASA 5510 (local network), but I can not ping, see or connect to any of the local network servers. Using the VPN client, I can connect to the 5510 and be able to see all of the servers on that network, ipconfig /all shows the tunnel ip address with using the client, but using the dedicated tunnel there is no such entry in the ipconfig /all.

These are all Windows Servers on the network, do I need to create WIN's entries or edit Host or Sam files to add the VPN? I was under the impression once the tunnel was connected, that was all that was needed.

Any and all assistance is greatly appriciated.

jmeggers · ‎04-03-2014

I have no experience with the RV042, and I can't find much in the way of config guides, but since no one has responded I'll jump in. Since I can't find documentation, I'm going to assume its IPSec configuration structure is generally similar to other Cisco devices.

If the tunnel comes up but no traffic passes, the first thing I would check is the crypto ACLs, to make sure they are mirror images of each other. For example if the two LAN networks are 10.1.1.0 and 10.2.2.0, you need to permit 10.1.1.0 to 10.2.2.0 on one side of the tunnel, and the other side needs to be 10.2.2.0 to 10.1.1.0. Don't use "any" as a parameter for crypto ACLs.

On the ASA, you can check "show crypto isakmp sa" and "show crypto ipsec sa" to see what security associations actually form and if anything is getting encrypted at all.

If you're on a host computer on the LAN, doing ipconfig /all won't really show you anything different for site-to-site VPN. Remote-access is a different story, which is why you're seeing the VPN assigned IP address on that host.