Vpn Problem with ASA 7.04

belihe
Level 1

I have a problem with VPN client access and the local IP pool. In PIX version 6.3x, when I created an ip local pool, an object was also created under Hosts/Networks, and there was no problem giving this object (the IP pool) access in outside_access_in, but in my ASA 7.04 there is no object created under Hosts/Networks. I have tried to use a filter (Filter_Av_10) under "Group-Policy" but I can't get any traffic through (see configuration below). It's only working when I give the network 10.1.1.0/25 (the IP pool) access in outside_access_in (in Security Policy). Is this the right way to do this?

Could someone please explain this to me.

access-list Inside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list Filter_Av_10 extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list easyv_av_butiker_splitTunnelAcl standard permit 192.0.0.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip 192.0.0.0 255.255.255.0 10.1.1.0 255.255.255.128
global (Outside) 10 interface
global (DMZ) 10 interface
nat (DMZ) 10 192.0.3.0 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 192.0.0.0 255.255.255.0
access-group Outside_access_in in interface Outside
access-group DMZ_access_in in interface DMZ
access-group Inside_access_in in interface Inside
access-group management_access_in in interface management
group-policy easyv_av_butiker internal
group-policy easyv_av_butiker attributes
 vpn-filter value Filter_Av_10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value easyv_av_butiker_splitTunnelAcl
 webvpn
username xxx password xxx encrypted privilege 15
username xxx password xxx encrypted privilege 0
username xxx attributes
 vpn-group-policy easyv_av_butiker
 webvpn
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group easyv_av_butiker type ipsec-ra
tunnel-group easyv_av_butiker general-attributes
 address-pool pool_10
 default-group-policy easyv_av_butiker
tunnel-group easyv_av_butiker ipsec-attributes
 pre-shared-key *

/Regards
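The two ACLs in the question can be evaluated offline to see which client flows each one lets through. This is an added example, not part of the original post and not Cisco code: it assumes decrypted client traffic is checked against the Outside interface ACL first and the group-policy vpn-filter second, which is consistent with the behaviour described in the post. The function names and the test addresses are constructed.

```python
import ipaddress

# ACL lines copied from the configuration posted above.
CONFIG = """\
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list Filter_Av_10 extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
"""

def _net(tokens):
    """Consume 'any' or 'ADDR MASK' from the token list and return a network."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = tokens.pop(0), tokens.pop(0)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acls(text):
    """Return {name: [(action, proto, src, dst, qualifier), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"] or t[2:3] != ["extended"]:
            continue  # blank lines, standard ACLs and other commands are skipped
        name, action, proto, rest = t[1], t[3], t[4], t[5:]
        src, dst = _net(rest), _net(rest)
        qual = rest[0] if rest else None  # e.g. the ICMP type "echo-reply"
        acls.setdefault(name, []).append((action, proto, src, dst, qual))
    return acls

def acl_permits(entries, proto, src, dst, qual=None):
    """First matching entry wins; no match is the implicit deny ending every ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, src_net, dst_net, q in entries:
        if p in ("ip", proto) and s in src_net and d in dst_net and q in (None, qual):
            return action == "permit"
    return False

def vpn_flow_allowed(acls, proto, src, dst,
                     iface_acl="Outside_access_in", vpn_filter="Filter_Av_10"):
    """Assumed check order: interface ACL first, then the group-policy vpn-filter."""
    return (acl_permits(acls.get(iface_acl, []), proto, src, dst)
            and acl_permits(acls.get(vpn_filter, []), proto, src, dst))

if __name__ == "__main__":
    acls = parse_acls(CONFIG)
    for dst in ("192.0.0.10", "192.0.3.10"):  # Inside host, DMZ host (constructed)
        print(dst, vpn_flow_allowed(acls, "tcp", "10.1.1.5", dst))
```

Under that assumed order, removing the pool entry from Outside_access_in blocks the flow at the interface ACL before Filter_Av_10 is ever consulted, and the vpn-filter only narrows what the interface ACL already allows.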

1 Reply

pradeepde
Level 5

To define the VPN Clients' IP address pool, perform the following tasks:

Define the VPN Client's Local IP Address Pool

Reference the Local IP Address Pool to Reference IKE

Specify Gateway-initiated IKE Mode Configuration

The configuration given in the following URL will give an idea of how to configure the VPN client.

http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_configuration_example09186a008017ee15.shtml