Solved

Cisco Remote Access VPN on ASA 5505 - Lan Access Problems

Posted on 2009-04-02
1
862 Views
Last Modified: 2012-06-27
I have a Cisco ASA 5505 at a branch office that functions as as remote access VPN. This is setup for IPSec over UDP with Allow Local LAN Access enabled.

The LAN is 192.168.100.0 /24
The VPN pool is 192.168.27.0 /28
ASA Software Version 7.2(4)
VPN Client Version 5.0.01.0600

At my house, behind my Linksys router, I am able to connect and use this VPN just as it should work. I can access the LAN, ping devices, etc.

At a couple other business locations, on two different laptops I have tested, I am able to connect to the VPN just fine but I have no access to the LAN. In the status of the Cisco VPN client I get 0 bytes received and 0 decrypted, while the sent bytes are present but remain at a lower number due to little traffic. Below is the config which should be correct (especially since it works on some PC's/networks).

I have access to the firewalls, etc. on the business locations I have been testing from as an FYI if anyone has a suggestion that requires a change in some rule on the firewall that is my gateway depending on where I'm at. Thanks in advance.
access-list outside_access_in extended permit icmp any any
access-list splittunnel standard permit 192.168.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.27.0 255.255.255.240
 
ip local pool NetformVPN 192.168.27.1-192.168.27.15 mask 255.255.255.240
 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
!
 
group-policy Netform internal
group-policy Netform attributes
 dns-server value 192.168.100.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value mfcnetform.local
username admin password ********** encrypted
username admin attributes
 vpn-group-policy Netform
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
 default-group-policy Netform
tunnel-group Netform ipsec-attributes
 pre-shared-key *

Open in new window

0
Comment
Question by:cberrymd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
cberrymd earned 0 total points
ID: 24054463
I actually believe I just solved my own problem.

The following was missing from the config:

crypto isakmp nat-traversal 25
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question