Advertisement

03.27.2007 at 01:32PM PDT, ID: 22476083
[x]
Attachment Details

ASA 5505 Client VPN

Asked by PeteLong in Cisco PIX Firewall

Tags: , ,

OK Doing some testing set up client VPN access - the client connects and says connected - but no traffic passes and the client cannot ping any network resources,

: Saved
: Written by enable_15 at 12:22:11.604 UTC Tue Mar 27 2007
!
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxxxxxxxxxxxxxxxencrypted
names
name 10.254.254.10 DC01
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.254.254.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxxxxxxxxx encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list inbound extended permit tcp any any eq 3389
access-list inbound extended permit icmp any any echo-reply
access-list inbound extended permit icmp any any time-exceeded
access-list inbound extended permit icmp any any unreachable
access-list inbound extended permit tcp any any eq smtp
access-list inbound extended permit tcp any any eq https
access-list inbound extended permit tcp any interface outside eq www
access-list outbound extended permit ip any any
access-list RemoteVPN_splitTunnelAcl standard permit 10.254.254.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNPool 10.254.254.85-10.254.254.90 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 DC01 3389 netmask 255.255.255.255
static (inside,outside) tcp interface www DC01 www netmask 255.255.255.255  dns
static (inside,outside) tcp interface smtp DC01 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https DC01 https netmask 255.255.255.255
access-group outbound in interface inside
access-group inbound in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
 wins-server value 10.254.254.10
 dns-server value 10.254.254.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
 default-domain value petenetlive.com
username user1 password xxxxxxxxxxxxxxxxxxxx encrypted privilege 0
username user1 attributes
 vpn-group-policy RemoteVPN
http server enable
http 10.254.254.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group RemoteVPN type ipsec-ra
tunnel-group RemoteVPN general-attributes
 address-pool VPNPool
 default-group-policy RemoteVPN
tunnel-group RemoteVPN ipsec-attributes
 pre-shared-key thisisthepresharedkey
telnet 10.254.254.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e91dababc138ef9559edb2fb5ca05a1d
: end


VPN was set up from the ASDM Wizard?Start Free Trial
[+][-]03.27.2007 at 04:47PM PDT, ID: 18804533

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.27.2007 at 05:51PM PDT, ID: 18804820

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 12:45AM PDT, ID: 18806303

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 12:47AM PDT, ID: 18806311

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 12:59AM PDT, ID: 18806351

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 02:17AM PDT, ID: 18806614

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 04:35AM PDT, ID: 18807119

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]03.28.2007 at 04:56AM PDT, ID: 18807205

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]03.28.2007 at 04:58AM PDT, ID: 18807218

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zone: Cisco PIX Firewall
Tags: asa, vpn, 5505
Sign Up Now!
Solution Provided By: Cyclops3590
Participating Experts: 3
Solution Grade: A
 
 
[+][-]03.28.2007 at 06:49AM PDT, ID: 18807980

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 07:09AM PDT, ID: 18808150

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 07:30AM PDT, ID: 18808327

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 08:31AM PDT, ID: 18808898

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 08:45AM PDT, ID: 18809070

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 09:26AM PDT, ID: 18809533

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 01:25PM PDT, ID: 18811488

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 01:34PM PDT, ID: 18811572

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 01:55PM PDT, ID: 18811753

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 02:58PM PDT, ID: 18812265

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.28.2007 at 04:08PM PDT, ID: 18812637

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.29.2007 at 06:36AM PDT, ID: 18815888

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32