Solved

Cisco Remote Access VPN on ASA 5505 - Lan Access Problems

Posted on 2009-04-02
Last Modified: 2012-06-27
I have a Cisco ASA 5505 at a branch office that functions as a remote access VPN. This is set up for IPSec over UDP with Allow Local LAN Access enabled.

The LAN is 192.168.100.0 /24
The VPN pool is 192.168.27.0 /28
ASA Software Version 7.2(4)
VPN Client Version 5.0.01.0600

At my house, behind my Linksys router, I am able to connect and use this VPN just as it should work. I can access the LAN, ping devices, etc.

At a couple of other business locations, on two different laptops I have tested, I am able to connect to the VPN just fine but I have no access to the LAN. In the status of the Cisco VPN client I get 0 bytes received and 0 decrypted, while the sent bytes are present but remain at a lower number due to little traffic. Below is the config which should be correct (especially since it works on some PCs/networks).

I have access to the firewalls, etc. on the business locations I have been testing from as an FYI if anyone has a suggestion that requires a change in some rule on the firewall that is my gateway depending on where I'm at. Thanks in advance.
access-list outside_access_in extended permit icmp any any
access-list splittunnel standard permit 192.168.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.27.0 255.255.255.240
 
ip local pool NetformVPN 192.168.27.1-192.168.27.15 mask 255.255.255.240
 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
!
 
group-policy Netform internal
group-policy Netform attributes
 dns-server value 192.168.100.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value mfcnetform.local
username admin password ********** encrypted
username admin attributes
 vpn-group-policy Netform
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
 default-group-policy Netform
tunnel-group Netform ipsec-attributes
 pre-shared-key *

Question by:cberrymd
Accepted Solution

by: cberrymd
ID: 24054463
I actually believe I just solved my own problem.

The following was missing from the config:

crypto isakmp nat-traversal 25
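
NAT traversal wraps ESP in UDP (port 4500) so the tunnel's data traffic can cross NAT/PAT devices between the client and the ASA. The following is an added example, not part of the original post: a small config check that flags a remote-access IPsec setup with NAT-T turned off. The function name `audit_nat_traversal` and the sample text (built from the posted config) are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the config posted in the question.
SAMPLE_CONFIG = """\
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
"""

DEFAULT_KEEPALIVE = 20  # seconds; ASA default when the command has no argument


def audit_nat_traversal(config):
    """Flag remote-access IPsec groups that terminate IKE with NAT-T disabled."""
    groups, ifaces = [], []
    natt, keepalive = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"tunnel-group (\S+) type (?:ipsec-ra|remote-access)", line):
            groups.append(m.group(1))
        elif m := re.fullmatch(r"crypto isakmp enable (\S+)", line):
            ifaces.append(m.group(1))
        elif m := re.fullmatch(r"(no )?crypto isakmp nat-traversal(?: +(\d+))?", line):
            # The last matching line wins; a leading "no" turns NAT-T off.
            natt = m.group(1) is None
            keepalive = int(m.group(2) or DEFAULT_KEEPALIVE) if natt else None
    findings = []
    if groups and ifaces and not natt:
        findings.append(
            "remote-access group(s) %s use IKE on %s but NAT-T is off: clients "
            "behind NAT/PAT may connect yet receive 0 bytes; add "
            "'crypto isakmp nat-traversal'" % (", ".join(groups), ", ".join(ifaces))
        )
    return {"ra_groups": groups, "ike_interfaces": ifaces,
            "nat_traversal": natt, "keepalive_s": keepalive, "findings": findings}


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_CONFIG),
                        ("with fix", SAMPLE_CONFIG + "crypto isakmp nat-traversal 25\n")):
        result = audit_nat_traversal(text)
        print(label, "->", result["findings"] or "NAT-T enabled, keepalive %ss" % result["keepalive_s"])
```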