
Totally Disappointed ! No solution

ThomasMull9000
Level 1

I bought two ASA 5505 Adaptive Security Appliances. My mission was to create a remote access IPsec VPN that I can access through the internet. I can connect through the VPN, but the problem is I can't reach my private or inside network of 192. I searched for it, googled it, and posted to Cisco support, but I still don't have a solution and I don't know why. So guys, can anyone help me? I am frustrated.

Here is my configuration ---

```
: Saved
:
ASA Version 8.2(1)
!
hostname THOMAS
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 41.100.100.14 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
access-list thomas_splitTunnelAcl standard permit 192.168.30.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 155.155.155.0 255.255.255.240
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-Pool 155.155.155.1-155.155.155.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy thomas internal
group-policy thomas attributes
 dns-server value 193.251.143.162 8.8.8.8
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value thomas_splitTunnelAcl
username thomas password 4rYXftGzljohPmJv encrypted privilege 0
username thomas attributes
 vpn-group-policy thomas
tunnel-group thomas type remote-access
tunnel-group thomas general-attributes
 address-pool VPN-Pool
 default-group-policy thomas
tunnel-group thomas ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:bb9865b5f22c868ee8c213a2bd4dde7a
: end
no asdm history enable
```

1 Accepted Solution

andrew.prince
Level 10

You have 2 issues:

1. You are using an Internet-routable IP address for the RVPN. Change to an RFC 1918 address.

2. Your ASA does not have a default route.

Sent from Cisco Technical Support iPad App
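The two points in the accepted answer, turned into an offline check over the posted lines; this is an added example, not part of the original thread or of any Cisco tool. It also checks that the `nat (inside) 0` ACL still covers the pool, since that ACL has to change along with the pool; `audit`, the 192.168.40.0 pool and the 192.0.2.1 next hop are assumptions made for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Lines copied from the configuration posted above.
POSTED = """\
access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 155.155.155.0 255.255.255.240
ip local pool VPN-Pool 155.155.155.1-155.155.155.10 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

# Constructed revision (assumption): pool moved to 192.168.40.0, nat 0 ACL
# updated to match, default route via placeholder next hop 192.0.2.1.
REVISED = """\
access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.40.0 255.255.255.240
ip local pool VPN-Pool 192.168.40.1-192.168.40.10 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def in_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def audit(config):
    """Return findings for the two issues named in the answer, plus NAT exemption."""
    findings, pools = [], []
    for name, first, last in re.findall(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        pools.append((name, lo, hi))
        if not (in_rfc1918(lo) and in_rfc1918(hi)):
            findings.append(f"pool {name} {lo}-{hi} is not RFC 1918 space")
    # Default route: "route <if> 0.0.0.0 0.0.0.0 <gw>" or the "0 0" shorthand.
    if not re.search(r"^route \S+ (?:0\.0\.0\.0|0) (?:0\.0\.0\.0|0) \S+", config, re.M):
        findings.append("no default route")
    # Each pool must sit inside a destination of the ACL used by "nat (...) 0".
    # Only "permit ip <net> <mask> <net> <mask>" entries are parsed here.
    for acl in re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M):
        dests = [ipaddress.ip_network(f"{net}/{mask}", strict=False)
                 for net, mask in re.findall(
                     rf"^access-list {re.escape(acl)} extended permit ip \S+ \S+ (\S+) (\S+)",
                     config, re.M)]
        for name, lo, hi in pools:
            if not any(lo in d and hi in d for d in dests):
                findings.append(f"pool {name} not covered by {acl}")
    return findings
```
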
