Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
3
Replies

VPN on ASA5550

Go to solution
Leo Bruni
Level 1
Level 1

‎08-23-2010 05:37 AM

I have set up a Remote Access VPN using IPSEC on an ASA 5550. All group and user configurations are completed. A VPN session is establised using Cisco Client software, but I am not able to access the internal network.  Any suggestions?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
uwkleinh
Cisco Employee
Cisco Employee
In response to rahgovin

‎08-23-2010 03:07 PM

check the following:

- ACL's on the interface

- NAT rules

- routes on the internal destination, make sure it knows how to get back to the ASA, either by default GW or specific route to the VPN pool subnet (assigned IP address)

- make sure you don't use a VPN-filter

- try to assign a specific IP address to a user and test

- capture tool on the ASA is very useful to see if you are getting a response from the destination

- look for anything suspicious in the log

TIP:

Address space overlaps can be cumbersome to troubleshoot, especially if you use a lot or object groups.

Also to avoid ARP issues, try to use a subnet other then the inside assigned netblock. I've also seen duplicate IP address and all sorts of strange things.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
rahgovin
Level 4
Level 4

‎08-23-2010 06:30 AM

I would suggest in looking through the nat rules(nat exempt between pool and internal network to be specific), vpn filters if any and also if all the routes are right between the client pool abd the internal network. Also if you have configured split tunnneling, if all you internal networks are included.

0 Helpful

Go to solution
uwkleinh
Cisco Employee
Cisco Employee
In response to rahgovin

‎08-23-2010 03:07 PM

check the following:

- ACL's on the interface

- NAT rules

- routes on the internal destination, make sure it knows how to get back to the ASA, either by default GW or specific route to the VPN pool subnet (assigned IP address)

- make sure you don't use a VPN-filter

- try to assign a specific IP address to a user and test

- capture tool on the ASA is very useful to see if you are getting a response from the destination

- look for anything suspicious in the log

TIP:

Address space overlaps can be cumbersome to troubleshoot, especially if you use a lot or object groups.

Also to avoid ARP issues, try to use a subnet other then the inside assigned netblock. I've also seen duplicate IP address and all sorts of strange things.

0 Helpful

Go to solution
Leo Bruni
Level 1
Level 1
In response to uwkleinh

‎08-24-2010 03:57 AM

Thanks all. It is working fine now.

0 Helpful
Customers Also Viewed These Support Documents