Cisco VPN :: ASA 5505 / 5510 - VPN Client Accessing Remote LAN
Apr 2, 2012
Trying to figure out how to configure the VPN client side to access a remote LAN.
Lan A - 172.16.17.0 - ASA5505 8.2(3)
Lan B - 200.200.0.0 - ASA5510
Cisco Client - V5
At present there exist a VPN tunnel between LAN A and LAN B. The client has a VPN tunnel to LAN A to run software package X on the LAN A server. The client also needs to run software package Y which needs access to a database on LAN B. The computers on LAN A have no problem using package Y since a VPN tunnel exist between LAN A and LAN B. How can I get the Client to also access LAN B on the same tunnel created when the client connects to LAN A? I can't seem to get packets that are directed to LAN B to cross the Client tunnel to A which would then hopefully move onto the LAN A/ LAN B tunnel.
View 2 Replies
ADVERTISEMENT
Apr 3, 2013
I have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.I've also tried pinging it and telneting to port 3390 with no success.
Here is the config.
ASA Version 8.4(4)1
!
!
interface Ethernet0/0
switchport access vlan 3
!
interface Ethernet0/1
[code]...
View 11 Replies
View Related
Dec 17, 2012
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505 or 5510's. Remote users use IPSec via the Cisco remote Client. Remote access into our data center works, and the L2L VPNs are perfect...just now that i need remote users to access the branches after Remote access VPNing (for support) i cant get that part to work.
View 2 Replies
View Related
Feb 2, 2012
I try to configure a simple EzVPN infrastructure:
EzVPN Server (CISCO2811, hostname cme) < -- > EzVPN Remote (ASA5505, hostname ezvpn-asa) < -- > Client
Attached you find both configuration of the EzVPN server and remote. The tunnel is getting up and if I ping from the ASA to the Router, I see the packets getting encrypted:
ezvpn-asa# ping 172.16.100.1
...
ezvpn-asa# show crypto ipsec sa
interface: outside
Crypto map tag: _vpnc_cm, seq num: 10, local addr: 172.16.100.2
[code]....
If I connect a client with IP address 192.168.1.2 to the interface eth0/1 and do a ping to the cme, I don't see any packets getting encrypted. I don't have any idea about VPN, I just need it for a wireless lab environment. What do I have to configure on the ASA, so the inside traffic is encrypted?
View 2 Replies
View Related
Mar 10, 2013
I have an ASA 5505 that is on the perimeter of a hub & spoke vpn network, when I connect to this device using the VPN client I can connect to any device across the VPN infrastructure with the exception of the sub net that the client is connected to, for instance:
VPN client internal network connects to 192.168.113.0 /24 and is issued that ip address 192.168.113.200, the VPN client can be pinged from another device in this network however the client cannot access anything on this sub net, all other sites can be accessed ie. main site 192.168.16.0/24, second site 192.168.110/24 and third site 192.168.112/24. The ACL Manager has a single entry of "Source 192.168.113.0/24 Destination 192.168.0.0/16 and the "Standard ACL 192.168.8.8./16 permit.
View 14 Replies
View Related
Jun 18, 2011
I am having asa 5520 in my head office and in branches 2811 routers.i connected two branches with my HO through VPN.now i configured remote vpn client in HO asa . now i need to access all the branches using this remote client.how i create route in HO ASA.
View 7 Replies
View Related
Jul 26, 2011
I'm configuring ASA 5510 Remote Access VPN, I can connect from Cisco VPN Client to the ASA VPN. I obtain from ASA some routes to inside networks, but I can't do any ping to those inside hosts. I have got those error in ASDM log file: [code]
View 1 Replies
View Related
Mar 27, 2011
I have successfully installed and configured VPN Client - Version 5.0.07 to connect to ASA 5510 from a remote workstation. Here is the problem, I cannot ping any of the servers or workstations after I successfully connect. I can ping the ASA 5510 using its internal LAN IP, but no other nodes will respond on the remote LAN.
View 2 Replies
View Related
Jan 17, 2011
We have configured site to site VPN tunnel from offshore to client location using ASA5510 and accessing RDP from client location. Also configured remote VPN access at offshore location. But using remote VPN client we are able to get RDP from officeshore location but not able to access RDP from client location. Is there any additional changes required ?
View 4 Replies
View Related
Dec 20, 2011
I have difficulties with configuring Remote IPSec VPN with Cisco ASA 5505 and Windows 7 native VPN client. My client PC gets VPN pool IP address, and can access remote network behind ASA, but then I lose my internet connectivity. I have read that this should be an issue with split tunneling, but I did as it is told here and no luck.On Windows VPN Client settings, if I uncheck "use default gateway on remote network" I have internet connectivity (since client is using local gateway), but then, I cannot ping remote network.In log, I see this warnings of this type:Teardown TCP connection 256 for outside:192.168.150.1/49562 to outside:213.199.181.90/80 duration 0:00:00 bytes 0 Flow is a loopback (cisco)I have attached my configuration file (without split-tunneling configuration I tried). If you need additional logs I'll send them right away.
View 4 Replies
View Related
Apr 3, 2013
I´m tring to configure ASA 5505 with VPN Cleint, to access a remote network over a L2L with another ASA 5505, but no sucess. Is there any special feature to this work?
View 2 Replies
View Related
Mar 22, 2011
The environment is:
ASA 5505 running 8.2 with ASDM 6.2.
VPN Client Version 5.0.05.0290
I've installed both the anyconnect and ipsec VPN clients and successfully connected for remote VPN server access; however, the client shows no packets being returned. Thinking that I misconfigured, I reset to the factory default and began again. Now I only have the ipsec vpn configured and I have exactly the same symptoms. I followed the directions for configuring the ipsec vpn in Document 68795 and rechecked my configuration and I don't see what I've done wrong. Given that I can connect to the internet from the inside network, and I can connect to the VPN from outside the network (and the ASDM Monitor shows an active connection with nothing sent to the client) I have to believe it is either a route or an access rule preventing communication but I can't quite figure out where (and I've tried static routes back to the ISP and a wide variety of access rules before flushing everything to start over).
[Code] .....
View 4 Replies
View Related
Feb 13, 2013
I have one user who is unable to Access Remote Network resources when connected to the VPN on his home network. VPN shows connected and he is given a remote IP from the VPN Pool, but he cannot ping any IP on our network. When connected using Sprint Wi-Fi card he is able to connect and access remote network from the same laptop. Maybe there is some network overlap that I am missing.
see attached firewall config (zzz... being firewall public IP) and remote user route table. ASA 5505 VPN Client 5.0.07.0290
View 5 Replies
View Related
Oct 4, 2012
I am configuring remote access vpn on ASA5505.Everything is working fine so far, except when the client got connected, it still used the local DNS server provided by the ISP. How do I force the client to use the DNS server configured on ASA?
View 7 Replies
View Related
Mar 1, 2012
I have not really set up ASAs nor VPNs on Cisco devices before. I'm currently attempting to configure a remote access VPN between ASA devices, a 5505 and a 5510. The 5510 is meant to be the server and the 5505 is meant to be the easyvpn client. The reason I am opting for remote access as opposed to site to site is that I have many 5505s at remote sites that I will need to configure in the future, and they will be moving around a bit (I would prefer not to have to keep up with the site-to-site configs). The 5510 will not be moving. Both ASA devices are able to ping out to 8.8.8.8 as well as ping each other's public facing IP.
Neither ASA can ping the other ASA's private IP (this part makes sense), and I am unable to SSH from a client on the 5510 side to the 5505's internal (192) interface. I have pasted sterilized configs from both ASAs below.
ASA 5510 (Server)
ASA Version 8.0(4)
!
hostname ASA5510
domain-name <domain>
enable password <password> encrypted
passwd <password> encrypted
[code].....
View 3 Replies
View Related
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies
View Related
Jul 21, 2011
I setup RA-VPN under local asa 5510 IP pool (192.168.127.0/24) and all was working fine. I got internet and local network access.
Then i have 5 site to site VPN working fine but when im traying to access to those L2L VPNs from the remote acces client im not able to do that. So after that i decided to obtain IP addresses from my DHCP server so i can obtain IPs from my local network (172.17.16.0/16) and then access normally to the VPN site to site. But the surprise was that the VPN cisco client is getting local IP address (172.17.16.222) perfectly but im not able to access even to my local network.
I have the same-security-traffic permit inter-interface same-security-traffic permit intra-interface enable.
View 6 Replies
View Related
Feb 23, 2011
I just set up a VPN connection from my laptop (Win 7) to my office network using Netgear Prosafe VPN client software to my Netgear Prosafe VPN router. I can connect successfully to the router and can successfully ping any of the devices on my work network. Currently, there are shared drives on the work network that I'd like to access from the laptop. All file sharing options are set so that other local machines can access through the network (the drive I'm trying to access runs off of an XP machine). Any attempts at mapping or using \ipaddressfile come back with a "windows cannot access" message.
View 8 Replies
View Related
Mar 18, 2011
I seem to be having a real hard time getting the hardware for my scanner to be networked and i am trying to think of some different ways to do it and i think this might work.So our server is off site and we all access the server via remote desktop on our individual computers. ie) there is one computer that we all access with our own computers.We need our scanner to send the files to the server so that anyone logged on to the server can access it.But our server is off site and we cant connect our scanner to it.But since we have many computers here, I was wondering if there would be a way to plug the scanner in to MY computer at the office, have the offsite computer use the same remote connection to access my computer so that everyone else logged on to the server can access the folder where the scans are sent to.I know that there are ways to make my local hard drive accessible while im logged on to the server. So is there a way to allow everyone else on the server to access my local hard drives?
View 8 Replies
View Related
Mar 20, 2012
i have a question about tunneling a software EasyVPN client to a client ASA Network. It looks like this:
EasyVPN Server 192.168.202.0/24 Network extension mode to Client EasyVPN ASA 192.168.1.0/24 This works fine in both directions. But now i want to connect the client ASA network via EasyVPN software client from outside. The user are already able to connect to the ASA Server on its static outside IP obtaining an IP from a 192.168.21.0/24 pool. This works fine. But how am i able to connect to the 192.168.1.0/24 network from this client?
View 5 Replies
View Related
Jan 25, 2012
we connect to Cisco ASA 5505 on IPSEC VPN the cisco fowards the demand to the our Juniper router. what ever we do on VPN works #1 exept FTP. [code] Since most home routers use 0.0 1.0 or 2.0 most of our clients cant connect to the VPN so my boss configured our Juniper to translate the IP.So to access 2.0 we do 202.0.So exemple to access in RDP a server in 192.168.2.220 we write in windows RDP 192.168.202.220 and the Juniper converts the data to 2.220 and all works fine. [code]
View 4 Replies
View Related
Mar 7, 2012
We have an ASA-5505 running 8.2(1) with a Bosch DVR 600. When a machine is on the local subnet, it can see the video; however, when it's moved to the DMZ, the unit can be accessed, but all video screens are black and an java script error pops up as follows: [URL]
This message does not pop up when on the local subnet. Additionally, in the login screen, there is a language selection, and sometimes all languages are blanked out. There is a space for them, but they don't display.
I've tried this on a half a dozen machines, either XP or Win7 with IE8 and IE9, and they all do the same thing. I disabled http inspection, but that doesn't work. I also did a packet capture, and the only packets that traverse the ASA.
View 1 Replies
View Related
Jun 11, 2013
I could access from outside to dmz but after i moved to IPv6 as there is no nat needed, i applied the acl's but dont know where i'm going wrong. I need access from outside to dmz web server.
View 4 Replies
View Related
Nov 19, 2012
Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
E.g. config
webserver 1 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
View 2 Replies
View Related
Oct 31, 2012
I've been attempting to fix this issue or confirm the issue is not with the firewall and I have kind of run into a road block. This is my problem as I understand it. A client of mine has a VPN tunnel built over a point to point connection of some kind (this client is fairly new to me) and is unable to access some hosts on the remote end of the VPN tunnel from the LAN side of the firewall. The LAN IPs are NAT'd as they leave the network from the HPH-Point-to-Point interface to the remote end. Just as a point of reference, the LAN IP of 129.200.11.19 is said to be working, however the range of 129.200.20.25 - .50 is not. I've tried packet-tracer but with the NAT happening over a VPN tunnel I am not sure if I am doing it correctly.
View 1 Replies
View Related
May 16, 2013
i have router 2911
pub ip: 121.97.65.61-74
interface gigabitethernet 0/1
ip address 121.97.65.61/28
[Code].....
and other ip will drop/kick/disconnected automatically
how to implement this on access list
View 6 Replies
View Related
Dec 4, 2012
I want to access my ASA 5505 from internet.how I can achieve it.
View 1 Replies
View Related
Mar 28, 2013
I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK, The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN Tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect all other addresses (via RDP, HTTP, etc..) on the same subnet which should rule out an access list problem. A couple of notes to be aware of:
The WAP’s have the Autonomous IOS installed (Version 15.2(2)JB) The WAP’s are connected to Dell PowerConnect 5724 (Not by choice.. We are a Cisco shop, these were already there and have plans this year to replace)
I can ping and SSH with Putty to the WAP’s from the local subnet I cannot ping or SSH from a remote subnet to the WAP’s. I can access all other IP’s and Computers from a remote subnet.
View 12 Replies
View Related
Oct 11, 2012
I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall) problem is that if one leaves my network they can receive but can not send email via my SMTP also internal people can only send if they use the IP address of the server rather than the domain [URL]
here is my layout
ISP - ASA 5510 - LAN (includes mailserver)
View 7 Replies
View Related
Jul 5, 2011
Got a problem accessing our webservers on the inside interface from other clients on the inside interface on our ASA 5505.As in, they type in url... in their browser, and it wont work.
However, if we use a PC on another outside network, it works just fine! [code]
View 2 Replies
View Related
Jun 4, 2012
I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via it's external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).
View 8 Replies
View Related
Apr 24, 2013
I have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access, the first network in Orange works fine. My question is how can i access the file server from the second network (192.168.X.0 /24) ? The 3 switches are Cisco SF300-24P.
View 7 Replies
View Related
Sep 14, 2011
I have a PIX 515 and am working with a Site-to-Site VPN. When I do not specify a filter on the Group Policy I can successfully access the remote network and the remote network can access my local network. However this by itself poses a securty risk for my local servers. I need to be able to access the remote network fully, however only one or two workstations on the remote network need to access mine.
If I add access-list vpn-remote-site extended permit ip host remote-wkstn1 any then only the remote workstation can access my remote network. This gets me a step closer as now only the remote workstation can access my network effectively denying everything else. However, from my local network I can now only access the remote workstation and not all of the other devices. I do not have any control over the remote firewall and would like to make sure it is secured on my end.
View 1 Replies
View Related
