Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1182
Views
10
Helpful
4
Replies

VPN Web Portal on FPR1120

Go to solution
Smitster
Level 1
Level 1

‎09-07-2020 05:39 AM

Hi all,

 

I currently have a setup as follows:

 

ISP - Edgerouter Lite - Cisco FPR1120 - Internal Network

 

I have set up a test network for testing the Remote Access VPN setup using Anyconnect Plus.

 

Edgerouter Lite has an ip of 192.168.1.1, outside interface of FPR 1120 is 192.168.1.2.

Internal interface of FPR1120 is 192.168.2.1, internal network of type 192.168.2.0/24

 

The VPN has been set up exactly as outlined in the instructions here:

 

https://www.petenetlive.com/KB/Article/0001682

 

With the exception of the identity source that is an ADRealm rather than LocalIndentitySource.

 

Once the VPN connection was deployed i tried to access the outside interface IP at https://192.168.1.2 from the internal network to get the VPN Web Portal. however the connection times out. I am also unable to ping this ip from a client pc sitting on the inside network (192.168.2.100). I am however able to ping the edgerouter at 192.168.1.1 from the inside network.

 

Unsure why the WebVPN portal is not working, can anyone help please? I've tried using "show webvpn" on the FPR1120 command line but get a "Command Execution Failed" message.

 

Thanks in advance,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-07-2020 05:59 AM

Hi,

Plug a computer into the outside network of the ASA and attempt to connect to the VPN, don't test from the inside network. Alternatively enable the VPN on the inside interface and connect to the inside interface. You'd also need to setup NAT from your ISP to the ASA's inside interface.

 

The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface (inside) to a far interface (outside).

 

HTH

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎09-07-2020 05:59 AM

Hi,

Plug a computer into the outside network of the ASA and attempt to connect to the VPN, don't test from the inside network. Alternatively enable the VPN on the inside interface and connect to the inside interface. You'd also need to setup NAT from your ISP to the ASA's inside interface.

 

The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface (inside) to a far interface (outside).

 

HTH

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎09-09-2020 04:50 PM

@Smitster 

 

Connect to the external interface and repeat the test, it should be absolutely fine, unfortunately the way that the traffic flows on the FP is not that easy. 

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

Go to solution
Smitster1
Level 1
Level 1

‎09-10-2020 01:43 AM - edited ‎09-10-2020 01:45 AM

 

 

0 Helpful

Go to solution
Smitster
Level 1
Level 1

‎09-10-2020 01:58 AM

Thanks both, that’s sorted it

0 Helpful
Customers Also Viewed These Support Documents