Solved

Cisco Remote Access VPN on ASA 5505 - Lan Access Problems

Posted on 2009-04-02
Last Modified: 2012-06-27
I have a Cisco ASA 5505 at a branch office that functions as a remote access VPN. This is set up for IPSec over UDP with Allow Local LAN Access enabled.

The LAN is 192.168.100.0 /24
The VPN pool is 192.168.27.0 /28
ASA Software Version 7.2(4)
VPN Client Version 5.0.01.0600

At my house, behind my Linksys router, I am able to connect and use this VPN just as it should work. I can access the LAN, ping devices, etc.

At a couple of other business locations, on two different laptops I have tested, I am able to connect to the VPN just fine but I have no access to the LAN. In the status of the Cisco VPN client I get 0 bytes received and 0 decrypted, while the sent bytes are present but remain at a lower number due to little traffic. Below is the config which should be correct (especially since it works on some PCs/networks).

I have access to the firewalls, etc. on the business locations I have been testing from as an FYI if anyone has a suggestion that requires a change in some rule on the firewall that is my gateway depending on where I'm at. Thanks in advance.

access-list outside_access_in extended permit icmp any any
access-list splittunnel standard permit 192.168.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.27.0 255.255.255.240

ip local pool NetformVPN 192.168.27.1-192.168.27.15 mask 255.255.255.240

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
group-policy Netform internal
group-policy Netform attributes
 dns-server value 192.168.100.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value mfcnetform.local
username admin password ********** encrypted
username admin attributes
 vpn-group-policy Netform
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
 default-group-policy Netform
tunnel-group Netform ipsec-attributes
 pre-shared-key *

Question by:cberrymd
Accepted Solution

by: cberrymd
I actually believe I just solved my own problem.

The following was missing from the config:

crypto isakmp nat-traversal 25
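
An added example, not part of the original post: a small Python check that reads an ASA configuration in the 7.2 syntax shown in the question and flags the condition the poster found, remote-access IPsec terminating on the box with no `crypto isakmp nat-traversal` line. NAT-T carries ESP inside UDP 4500 so that it survives address translation; the function name, result keys and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the question's config (ASA 7.2 syntax).
QUESTION_CONFIG = """\
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
"""

NAT_T = re.compile(r"^(no\s+)?crypto isakmp nat-traversal(?:\s+(\d+))?\s*$")
ISAKMP_IF = re.compile(r"^crypto isakmp enable (\S+)\s*$")
RA_GROUP = re.compile(r"^tunnel-group (\S+) type ipsec-ra\s*$")


def audit_nat_traversal(config_text):
    """Report NAT-T state for remote-access IPsec in an ASA config (hypothetical helper)."""
    result = {"ra_groups": [], "isakmp_interfaces": [], "nat_t": "absent", "keepalive": None}
    for raw in config_text.splitlines():
        line = raw.rstrip()
        # Only top-level commands matter here; indented lines are sub-mode settings.
        if not line or line.startswith((" ", "!")):
            continue
        if m := RA_GROUP.match(line):
            result["ra_groups"].append(m.group(1))
        elif m := ISAKMP_IF.match(line):
            result["isakmp_interfaces"].append(m.group(1))
        elif m := NAT_T.match(line):
            if m.group(1):  # explicit "no crypto isakmp nat-traversal"
                result["nat_t"] = "disabled"
            else:
                result["nat_t"] = "enabled"
                result["keepalive"] = int(m.group(2)) if m.group(2) else None
    # Finding: remote-access IPsec is served on an interface but NAT-T is not enabled.
    result["finding"] = bool(
        result["ra_groups"] and result["isakmp_interfaces"] and result["nat_t"] != "enabled"
    )
    return result


if __name__ == "__main__":
    print(audit_nat_traversal(QUESTION_CONFIG))
    print(audit_nat_traversal(QUESTION_CONFIG + "crypto isakmp nat-traversal 25\n"))
```

The check treats a missing line as "not enabled", which matches the configuration on this page; it does not model software versions whose defaults differ.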