Re: VPN client to ASA5505 - Missing link to inside

et · ‎12-10-2009

Hi all - hope someone can help.

After testing many things it still not working :-(

Here is my little desk setup..

And my ASA setup see attached file..

My problem is that the client can't access anything on the inside also the other way around:

- no ping VPN Client to PC inside

- no ping PC Inside to VPN Client

- no ping from CLI to VPN Client

When i ping from from CLI to VPN Client i see the following on the VPN Client

The 5 ping passes the VPN tunnel but there is no respond

Any ideas

Regards

Christopher Bell · ‎12-10-2009

Try adding a specific route to your client pool using your ASA's next hop router.

So assume your next hop is 192.168.20.1

route outside 10.10.20.0 255.255.255.0 192.168.20.1

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

et · ‎12-12-2009

HI Christopher

That seems to solve the problem – cool.

The command you told me I changed a little:

route outside 10.10.20.0 255.255.255.0 192.168.20.1
to
route outside 10.10.20.0 255.255.255.0 192.168.20.110 (IP of VPN Client pc)

The tested setup is without internet.

Then it worked.

Thanks.

tprendergast · ‎12-11-2009

A few things...

1) route outside 0.0.0.0 0.0.0.0 192.168.20.100 1 -- this looks wrong. Your next hop outside is your own outside interface? That 192.168.20.100 should be the upstream gateway from your device.

2) Under your group policy, you are missing the split tunnel statements. This means no traffic is "interesting", so it doesn't go over the tunnel.

group-policy VPN attributes

split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_splitTunnelAcl

vpn-tunnel-protocol IPSec

Try that and let us know how it works out for you.

Cheers,

Tim

et · ‎12-12-2009

Reply error - sorry.

et · ‎12-12-2009

Hi again.

Now I have to take it to the next level – on the internet.

Then one question:

Is it enough to forward port 500 on router B to the ASA to get VPN to work ?

(Port 443 will also be forwarded to access the ASA setup)

Christopher Bell · ‎12-12-2009

I guess I don't really understand your question ... Are you trying to set up a site to site VPN between router B and the ASA? Or are you trying to set up a remote access VPN for outside clients.

Please consider scoring any answers that solved your issue.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

et · ‎12-12-2009

Hi again

Perhaps I need to do some explanation.

I’m trying to set up a VPN connection from the Service PC to a machine located somewhere in a factory.
The factory has its own internal network and the machine equipment is separated with the ASA5505.
To connect to the ASA5505, the Service PC uses ‘Cisco VPN client’.

First I tried to do a ‘desk setup’ to see if it works.
Now I tried it on the www and it is working – great.

Thanks all ..

et · ‎12-12-2009

Hi again

Perhaps I need to do some explanation.

I’m trying to set up a VPN connection from the Service PC to a machine located somewhere in a factory.
The factory has its own internal network and the machine equipment is separated with the ASA5505.
To connect to the ASA5505, the Service PC uses ‘Cisco VPN client’.

First I tried to do a ‘desk setup’ to see if it works.
Now I tried it on the www and it is working – great.

Thanks all ..

Kent Heide · ‎12-14-2009

I see now you got it working after posting a long tirade. Great :-)

Also you can use RRI for your route issues instead of adding it manually.

et · ‎12-14-2009

Hi all.

Arghhhh What is happening - a lot of double posting – sorry.

I think I have worked it out – so now it working – thanks all.

Regards - Thomsen