Cisco VPN :: ASA5505 Can't Reach Remote Resources
Oct 13, 2011
I have a (central) ASA5510 acting as a EasyVPN server and a number of (remote) ASA5505 as EasyVPN client. All the communication works fine between the different networks. The issu is the ASA itself. The remote ASA can ping the central ASA on it's internal IP-adress, but it can't ping any other resoruces at the central network. If I ping the DC at the central network from the remote ASA I get a deny in the central ASA with source address as the public IP-adress of the remote ASA and destination of the internal address of the DC. If I from the remote ASA do "ping inside ip-of-central-dc" it work's like a charm, but "ping ip-of-central-dc" dosen't work.
View 3 Replies
ADVERTISEMENT
Feb 10, 2011
I'm having some troubles with SSLVPN connectivity. I've setup SSLVPN at one site and it works great with web access, file share, RDP plugin etc. at the local LAN on that site. But I also would like to reach another site (connected with an IPSEC tunnel). Is this possible? if it is, how do I do it?Both firewalls are ASA5505, one 8.31 and one 8.22 Just a note, it works to connect with IPSEC client and reach the remote site just fine.
View 8 Replies
View Related
Jan 31, 2011
I have a friend that have in his company an ASA5505 at central point and about 5 remote sites connected via Vpn site-to-site.All tunnels are up and reach the central network.The only traffic that pass throw the tunnel is the traffic with the ASA local network destination.
My friend asked me what it needs to reach from one Vpn remote site to another Vpn remote site, passing throw the ASA5505 central site.The ASA5505 can reach all remote networks throw the tunnels.
What it needs for the ASA to route traffic between the VPN´s tunnels?Does it need static routes on the remote sites to advertise the other remote sites ?
View 5 Replies
View Related
Nov 22, 2012
I have a VPN server set up behind a home router in my apartment. I'm able to connect to it from other locations, and have verified that internet traffic is going thru the connection (ipchicken.com reports the IP address of the VPN network). But I can't seem to connect to other machines on the router subnet. For example, 192.168.1.1 connects me to the local gateway rather than my apartment router. Also, I can't connect to known good static IPs for other machines on the remote subnet, including the machine I'm VPN'd thru!
Note that in connection properties, the setting to 'use remote default gateway' is checked.
View 2 Replies
View Related
May 24, 2011
I have 3 networks coming from the DMZ (VPN) and only one works:10.132.24.0/24 Not working10.132.25.0/24 Not working10.132.26.0/24 Working The thing is, the one that works is on the same network as the DMZ(VPN) interface. The other two do authenticate and they get an IP from the VPN Pool. but they just cant access anything.
View 11 Replies
View Related
Feb 24, 2011
I am having an issue with my Cisco VPN Client. I am new to VPN setup, so this is probably something easy I am missing. I have a 2611XM router acting as my internet gateway for my local lan, and my VPN Server. I am doing all my testing from a company laptop with a mobile broadband card. The VPN will connect, but anytime I ping anything within the inside network, it comes back with the public IP of the outside interface. I have NAT overload configured so everything on the inside network can access the internet, which it looks like might be causing my problem.
When i remove the nat overload on my fa0/1 interface, the vpn will connect to any resource on the inside.
View 9 Replies
View Related
Dec 6, 2011
I have setup a VPN connection on a 891 router. I can connect to the VP both but am unable to ping or access any resources on the remote network.
Here is my running configuration:
[code]...
View 5 Replies
View Related
Oct 22, 2009
After I change my router, I recently found out that I cannot access remote network resources after VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping server on the remote network
View 2 Replies
View Related
Nov 24, 2011
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not.I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
View 1 Replies
View Related
Apr 13, 2013
-cisco 2651xm router
-cisco 1760 router
I have a cisco 2651xm router here at home, and at another remote location I have a cisco 1760 router, both are connected to the internet via adsl (WIC1-ADSL card).The problem is that from home I can't connect to the snmp-service on the 1760 router. I'm using a PC that's on the LAN of the 2651XM router, the blockage is in the 2651XM router, because if I swap it for a cheap plastic domestic router I can get snmp data from the 1760 router, and this is without any port forwarding in the domestic router. What config do I need on the 2651XM router so it will pass this traffic?
View 3 Replies
View Related
Apr 3, 2011
We are facing strange issue in our network. We have a remote branch which is connected to main branch using Leased Line. Remote branch is having Cisco 1700 Router. Every day in the morning time the remote router is unreachable. We are not able to reach (ping/telnet) the remote Router but able to reach L3 switch/ LAN behind this router. The users from remote branch is also not able to reach the local router but they are able to ping the Main branch.Users in the remote branch are not able to access any resources in the main branch during the issue.
During the issue, we have checked the remote branch router and found the CPU utilization of the Cisco 1700 router is very high (99%). If we run "Show process CPU" command (please find the attachment) specially IP input process is very high (97%).
View 1 Replies
View Related
Mar 14, 2011
I configured a remote-access vpn on an ASA 5510 version 8.3. This is the configuration [code]The vpn goes up and I get an ip address, but it's impossible to reach the internal network. [code]
View 9 Replies
View Related
Feb 11, 2012
I have 25 of these routers installed behind various providers and transport (DSL, Cable, UVerse). At sites where I have static IP, I can't reach any service inside, and in fact can't even reach the router for Remote Management. At all times the users indoes can do whtever they like, the have Internet access.
At sites where we draw a dynamic IP or use PPPoE, I can reach services and manage the router until a known issue stops the inbound traffic.
View 3 Replies
View Related
May 21, 2011
Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
Remote-access (vpn-houston) uses 192.168.69.0/24.
The main site (houston) uses 10.0.0.0/24
The remote site (lugoff) uses 10.0.1.0/24
View 5 Replies
View Related
Aug 4, 2011
I have been searching for days trying to find out what could be wrong with the configuration of an ASA5505 running Firmware version 7.2(2). I am trying to set up a hairpin connection between my laptop on the VPN tunnel (192.168.25.12) to access the server across the L2L VPN (192.168.1.10) on the diagram below.
The remote VPN function is working, as I can RDP to the 192.168.25.10 server from my laptop, and the L2L VPN is working since I can RDP from server 192.168.25.10 to server 192.168.1.10. I am trying specifically to run RDP from my laptop without having to log into the .25 network.
I have tried multiple changes to my NAT tables and my ACL configurations to no avail.[code]
View 8 Replies
View Related
Apr 3, 2012
We currently have a few 5505s installed at client sites which are connected via s2s ipsec VPN to our datacenter's 5510. We are using Nagios to monitor the local data center and remote client infrastructure (over the VPNs) which has been working well.
We would like to also monitor the remote 5505s using SNMP over the s2s tunnels but it doesn't seem to be working, the connection is timing out. We've configured the remote 5505s with the same snmp statement we used on the 5510 (snmp-server host inside <remote datacenter IP> poll community ***** version 2c) yet the Nagios SNMP check cannot connect to the remote 5505s. We've also tried the command using 'outside' without any luck, not sure how to get SNMP to route over the VPN.
View 15 Replies
View Related
Jul 28, 2011
I have a ASA 5505.|I configured it for remote access VPN from cisco VPN client.the ASA receives a public ip address on outside interface via PPPoE.I can connect to public ip of outside interface and address 10.1.1.2 is assigned to my Cisco vpn client.the problem is that I Cannot ping or reach ASA internal IP address 172.16.29.1 in any way when I am in VPN from outside,while I Can ping other hosts on 172.16.29.0/24 when connected in VPN.this is a problem brcause when I am connected in VPN to ASA I Cannot configure it..Then I Wanted to ask if it is possible a configuration which gives addresses from network 172.16.29.0/24 (the same as inside network) to VPN clients instead of another network (10.1.1.0/24) [code]
View 1 Replies
View Related
May 23, 2011
How to remotely changing ip address for my ASA5505.
View 1 Replies
View Related
Feb 27, 2013
I'm having a Issue getting my VPN up from out remote site . We have a ASA5505 at the remote site and the Main office we have a PIX-515E.. I followed this temp config I found on line but Im still not able to get the VPN UP..
This script can be used to get you started on a site to site vpn using the older Cisco PIX code. PIX running 6.3 ! ^^^^ Set ISAKMP (phase 1) parameters ^^^^^ {code]...
When I log into the ASA and run these commands This what I get
Colort2# sh run crypto isakmp
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
[code]...
View 1 Replies
View Related
Jan 23, 2013
I have the following config below on my ASA5505, where I want to be able to access remote computers who are VPN'd into the inside network, for support purposes.I want to be able to ping the VPN ip from the LAN, and be able to connect to these computers via the VPN ip. [code]
View 4 Replies
View Related
Feb 2, 2012
I have configured ASA 5505 for remote access VPN to allow remote user to connect to the officce LAN from remote locations. VPN working fine, users can access offce LAN and sahred resource etc but once they connected to VPN, they can not browse the internet ? Internet browsing stop working as soon as their VPN client connnect with ASA 5505 t, once they are disconnected from the VPN , again they can browse the internet.
Does ASA 5505 blocks the internet browsing for VPN users ? Is there anything else I need to congfure to make sure VPN users can browse internet? Do I need to configure Split Tunnleing , NATing or routing for the VPN users?
View 3 Replies
View Related
Oct 28, 2012
I am trying to configure RemoteDesktop on a home lab ASA5505 with IOS 8.4.1 and no matter what I tried, I am unable to remote into a local server behind the firewall. I've searched online and found several threads with solutions online including here at Cisco Support Community forum and have tried them all, but have no success. I'm sure it may be something very simple that I've missed.
ASA Version 8.4(1)!interface Vlan1nameif insidesecurity-level 100ip address 192.168.148.5 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 67.x.x.75 255.255.255.128!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2shutdown!interface Ethernet0/3shutdown!interface Ethernet0/4shutdown!interface Ethernet0/5shutdown!interface Ethernet0/6shutdown!interface Ethernet0/7shutdown!ftp mode passivedns domain-lookup outsidedns server-group DefaultDNSname-server 67.x.x.75domain-name demo.localobject network insidesubnet 192.168.148.0 255.255.255.0object network rdp-serverhost 192.168.148.105object service rdpservice tcp source eq 3389access-list outside_in extended permit tcp any object rdp-server eq 3389pager lines 24mtu inside 1500mtu outside 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400nat (inside,outside) source static rdp-server interface service rdp rdpnat (inside,outside) source dynamic inside interfaceaccess-group outside_in in interface outsideroute outside 0.0.0.0 0.0.0.0 67.x.x.75 1
View 7 Replies
View Related
Apr 3, 2013
I have a brand new ASA 5505 running version 8.2(5). Got connected with the ASDM and ran the setup wizard and the remote access VPN wizard. I am not able to ping the outside interface from the internet, and my VPN client gets no response when trying to connect.
View 5 Replies
View Related
Jun 2, 2013
I have setup a Remote access VPN on my ASA5505 firewall through the ASDM wizard.I can successfully connect with the Cisco VPN client. My firewall also shows me the VPN session and shows incoming Rx packets. However, Tx packets remain 0, so no traffic is going out. My ASA5505 is configured as router on a stick with 25 different VLAN's. I want to restrict traffic to one specific VLAN using a crypto map.When I issue a ping -t command on my connected Windows box, the firewall log shows me the following message:
"IKE Initiator unable to find policy: Intf outside, Src: 10.7.11.18, Dst: 172.16.1.1."
"This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself." [code] I have really no idea what's going on. I have setup a Remote access VPN countless times but this time it shows me the error as described above.
View 5 Replies
View Related
Oct 25, 2012
I have several locations with time clocks (a Kronos application) on a small home network with outgoing traffic wide open.I have a server in my office behind an ASA5505 router/firewall, also with outging traffic wide open. I have tried taking the device off of the remote network and giving the it a public, static ip address so it is actually on the internet, yet the server cannot see the device, but it can ping it. I was advised to put the device on the remote private network and set up a virtual server using port 8080 at the remote location. The server is still unable to see the device. I also set up a virtual server for VNC. When I am on my server on my work network behind the ASA5505, I can start my VNC viewer and attach to the device at the remote site using the IP of the router (apparently the device has a build in VNC server).
I have also tried to NAT my server to a public IP, I have set up incoming and outgoing rules on the firewalls at both ends.this should be a fairly straight forward connection.
View 7 Replies
View Related
Sep 28, 2011
We have two sites connect with an IPSec L2L VPN.
-Site A: 192.168.13.0/24
-Site B: 192.168.2.0/24
On both sites we have a ASA5505(Base license) to terminate the tunnel.On Site B we also got a remote access vpn to which we can connect using the vpn client.The lan2lan tunnel works fine and so the remote access vpn.Now i want to connect to Site A using my vpn client connected to Site B. [code] There are no vpn-filters or other special policys in place..If tried to ping from my vpn client to Site A while i was debugging ipsec 255 on site B: the asa matched the l2l-tunnel for traffic sourced from 192.168.25.x to 192.168.13.x but when im doing a show crypto ipsec sa detail there are no packets getting encrypted..so of course no packets reaching my asa on site a.
View 9 Replies
View Related
Jul 5, 2011
I need to configure our ASA5505 firewall for remote access to our network using EasyVPN software installed on a laptop. That laptop will be connected in the different places, using DSL or 3G toggle or Public Wi-Fi. For some people it's very easy, but I don't have any experience with firewalls.
View 9 Replies
View Related
May 9, 2013
I have noticed a problem recently that our Remote Access VPN will randomly stop working. I will be able to connect and enter my Username+Password and it says Connected, but I cannot ping Remote Resources. If I check VPN Client Statistics, it shows Many Packets Sent/Encrypted, but None Received. It seems this problem affects all devices at once, but leaves the L2L tunnels intact.
It seems to randomly start working for a while, and everything seems fine until it stops working again. I verified that it is not a firewall problem, and it occurs on multiple ISPs and computers.
We also have 2 Static L2L Tunnels, and 1 Dynamic L2L Tunnel all of which operate flawlessly. All sites/remote users use split tunneling.
Below is the config, I just added the keepalives on the RA Tunnel to see if it would work, I haven't noticed any difference yet.
ASA Version 8.0(2)
!
hostname HQ-ASA5505
domain-name xxxxx.local
[Code]....
View 3 Replies
View Related
May 28, 2011
inside network----ASA5505========internet===========Remote VPN client.
The ASA has one public IP on its outside interface and using PAT to the internet. It only has two interfaces, inside and outside using vlan. I created a IPSec VPN through CLI. My goal is for the remote client to browse the Internet throught tunnel.
Q1: Is it possible?
Q2: The remote side gets connected and has IP from the pool, with is part of inside network. But it cannot ping anything, including the gateway, which is the inside interface. I debug it, it shows the ASA receives the ping packages, but it doesnt send anything back to the client.
View 5 Replies
View Related
Feb 6, 2012
On remote site I have Cisco ASA5505, on cental site I have Cisco 2811 router, working site-to-site VPN tunnel. [code]
View 1 Replies
View Related
Jan 5, 2012
I have a problem with mi telephony server. My network topology is very simple. I have an ASA5505 connected to Internet throught an ISP. Behind ASA5505 I have a ToIP Server that operate well inside LAN network. However, when I try to register two or more extensions (Softphones) from Internet, Softphones some times it registers sucessfully, but some times doesn´t work.
The other hand, when softphones outside from LAN get register sucessfully in Asterisk server, is not possible that one of this calling the other one, and Asterisk server detects them as "UNREACHABLE". I don´t know if the problem are all commands of traffic inspect or if the problem is referenced to a particular UC proxy License.
These are configuration lines:
object-group service elastix-ports
service-object udp eq sip
service-object udp gt 10000
[Code]......
View 1 Replies
View Related
Jul 11, 2012
I have a network with 3 sites that are on different subnets. Each site has an ASA Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to.I want to be able to connect to the ASA that are on the remote subnets on the address of the inside interface.The sites are connected all together by site-to-site VPN.Is there any way I can achieve that without opening the outside interface directly on the Internet?
View 2 Replies
View Related
Dec 21, 2012
I installed a CISCO ASA5505 with 50 user license to my network as the gateway firewall. So ASA is acting as the gaeway router which is connected to a fibre circuit and also it gives DHCP to the network. The strange thing is that except for two computers rest does not have internet. I also have an asterisk phone system which works fine..
I tried everything.... static IP's DHCP, DNS nothing worked. But strange enough two computers works fine and have internet.. but are no special computers. One is Win XP and the other one is Win7. When I troubleshoot the problem in win 7 on one of the computers it says
"The remote device or resource won't accept the connection"
View 3 Replies
View Related
