Beginner

VPN Web Portal on FPR1120

Hi all,

I currently have a setup as follows:

ISP - Edgerouter Lite - Cisco FPR1120 - Internal Network

I have set up a test network for testing the Remote Access VPN setup using Anyconnect Plus.

Edgerouter Lite has an IP of 192.168.1.1, outside interface of FPR 1120 is 192.168.1.2.

Internal interface of FPR1120 is 192.168.2.1, internal network of type 192.168.2.0/24

The VPN has been set up exactly as outlined in the instructions here:

https://www.petenetlive.com/KB/Article/0001682

With the exception of the identity source, which is an ADRealm rather than LocalIdentitySource.

Once the VPN connection was deployed, I tried to access the outside interface IP at https://192.168.1.2 from the internal network to get the VPN Web Portal. However, the connection times out. I am also unable to ping this IP from a client PC sitting on the inside network (192.168.2.100). I am, however, able to ping the edgerouter at 192.168.1.1 from the inside network.

Unsure why the WebVPN portal is not working, can anyone help please? I've tried using "show webvpn" on the FPR1120 command line but get a "Command Execution Failed" message.

Thanks in advance,

Accepted Solutions
VIP Mentor

Hi,

Plug a computer into the outside network of the ASA and attempt to connect to the VPN; don't test from the inside network. Alternatively, enable the VPN on the inside interface and connect to the inside interface. You'd also need to set up NAT from your ISP to the ASA's inside interface.

The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface (inside) to a far interface (outside).

HTH

Enthusiast

@Smitster

Connect to the external interface and repeat the test, it should be absolutely fine. Unfortunately, the way that the traffic flows on the FP is not that easy.

Please mark it helpful if it was the case, and I have this problem too. Double touchdown is amazing. Thanks to make Engineering easy.
Beginner

Thanks both, that’s sorted it
