Solved

Cisco Remote Access VPN on ASA 5505 - Lan Access Problems

Posted on 2009-04-02
1
859 Views
Last Modified: 2012-06-27
I have a Cisco ASA 5505 at a branch office that functions as as remote access VPN. This is setup for IPSec over UDP with Allow Local LAN Access enabled.

The LAN is 192.168.100.0 /24
The VPN pool is 192.168.27.0 /28
ASA Software Version 7.2(4)
VPN Client Version 5.0.01.0600

At my house, behind my Linksys router, I am able to connect and use this VPN just as it should work. I can access the LAN, ping devices, etc.

At a couple other business locations, on two different laptops I have tested, I am able to connect to the VPN just fine but I have no access to the LAN. In the status of the Cisco VPN client I get 0 bytes received and 0 decrypted, while the sent bytes are present but remain at a lower number due to little traffic. Below is the config which should be correct (especially since it works on some PC's/networks).

I have access to the firewalls, etc. on the business locations I have been testing from as an FYI if anyone has a suggestion that requires a change in some rule on the firewall that is my gateway depending on where I'm at. Thanks in advance.
access-list outside_access_in extended permit icmp any any
access-list splittunnel standard permit 192.168.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.27.0 255.255.255.240
 
ip local pool NetformVPN 192.168.27.1-192.168.27.15 mask 255.255.255.240
 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
!
 
group-policy Netform internal
group-policy Netform attributes
 dns-server value 192.168.100.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value mfcnetform.local
username admin password ********** encrypted
username admin attributes
 vpn-group-policy Netform
tunnel-group Netform type ipsec-ra
tunnel-group Netform general-attributes
 address-pool NetformVPN
 default-group-policy Netform
tunnel-group Netform ipsec-attributes
 pre-shared-key *

Open in new window

0
Comment
Question by:cberrymd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
cberrymd earned 0 total points
ID: 24054463
I actually believe I just solved my own problem.

The following was missing from the config:

crypto isakmp nat-traversal 25
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question