Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco Remote Access VPN on ASA 5505 - Lan Access Problems

Posted on 2009-04-02
1
858 Views
Last Modified: 2012-06-27
I have a Cisco ASA 5505 at a branch office that functions as as remote access VPN. This is setup for IPSec over UDP with Allow Local LAN Access enabled.

The LAN is 192.168.100.0 /24
The VPN pool is 192.168.27.0 /28
ASA Software Version 7.2(4)
VPN Client Version 5.0.01.0600

At my house, behind my Linksys router, I am able to connect and use this VPN just as it should work. I can access the LAN, ping devices, etc.

At a couple other business locations, on two different laptops I have tested, I am able to connect to the VPN just fine but I have no access to the LAN. In the status of the Cisco VPN client I get 0 bytes received and 0 decrypted, while the sent bytes are present but remain at a lower number due to little traffic. Below is the config which should be correct (especially since it works on some PC's/networks).

I have access to the firewalls, etc. on the business locations I have been testing from as an FYI if anyone has a suggestion that requires a change in some rule on the firewall that is my gateway depending on where I'm at. Thanks in advance.
access-list outside_access_in extended permit icmp any any
access-list splittunnel standard permit 192.168.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.27.0 255.255.255.240
 
ip local pool NetformVPN 192.168.27.1-192.168.27.15 mask 255.255.255.240
 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
!
 
group-policy Netform internal
group-policy Netform attributes
 dns-server value 192.168.100.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value mfcnetform.local
username admin password ********** encrypted
username admin attributes
 vpn-group-policy Netform
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
 default-group-policy Netform
tunnel-group Netform ipsec-attributes
 pre-shared-key *

Open in new window

0
Comment
Question by:cberrymd
1 Comment
 

Accepted Solution

by:
cberrymd earned 0 total points
ID: 24054463
I actually believe I just solved my own problem.

The following was missing from the config:

crypto isakmp nat-traversal 25
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VLAN Overused monitor 4 34
Cisco 3800 series and WISM2 1 29
SonicWall NSA 3600, Geo-IP Filter & blocking sites 2 32
IPsec VPN - which encryption? 5 35
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question