Cisco ASA VPN remote network connection

Hi, I'm running into an issue with a Cisco remote user VPN on a Cisco ASA 5505.

The issue I'm having is that from certain remote networks, although I'm able to connect to the VPN, I cannot browse the remote network behind the VPN.

i.e.
network 1 - VPN connects - can not access remote network (no ping, no HTTP, no CIFS)
network 2 - VPN connects - can access remote network (full ping, full HTTP, full CIFS)

I have checked and I don't have a subnet match between the local and remote network.

The only similarity I was able to find is that the networks from which I cannot access the network behind the VPN all have a business-class router/firewall, whether it's another ASA or a Checkpoint firewall.

I do have access to the configuration of one of the local firewalls, so I have posted both configurations attached to this.
VPN-ASA
local

Erik Bjers, Principal Systems Administrator

Commented:
You may be running into NAT traversal problems or a firewall that is blocking UDP encapsulation, and there are a few things you can do to combat this.

1) Try different encapsulation methods
2) Try the AnyConnect VPN client

Alternatively, you can ask whoever owns these firewalls to allow UDP encapsulation or VPN pass-through.

eb
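
An added example, not part of the thread or of either poster's configuration: a Python classifier that labels IPv4 packets from a capture as IKE, native ESP (IP protocol 50) or NAT-T UDP-encapsulated ESP (UDP 4500, RFC 3948), which is the distinction the NAT traversal suggestion above turns on. The function names and the sample packets are constructed for illustration.

```python
import struct

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the IPsec transport it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == 50:                    # ESP directly over IP: no ports for PAT to track
        return "esp-native"
    if pkt[9] != 17 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]
    if 500 in (sport, dport):
        return "ike"
    if 4500 in (sport, dport):          # RFC 3948 UDP encapsulation (NAT-T)
        if payload == b"\xff":
            return "natt-keepalive"
        if payload[:4] == b"\x00" * 4:  # non-ESP marker: IKE moved to port 4500
            return "ike-natt"
        return "esp-in-udp" if len(payload) >= 4 else "other"
    return "other"

def diagnose(packets) -> str:
    """Summarise which data-plane encapsulation a capture shows."""
    seen = {classify(p) for p in packets}
    if not seen & {"ike", "ike-natt"}:
        return "no IKE seen"
    if "esp-in-udp" in seen:
        return "NAT-T negotiated: data rides in UDP 4500"
    if "esp-native" in seen:
        return "native ESP: path must pass IP protocol 50"
    return "IKE only: no data-plane packets captured"

# --- constructed sample packets (documentation addresses, zero checksums) ---
def _ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + payload

def _udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

IKE = _ipv4(17, _udp(500, 500, b"\x11" * 28))
CAPTURE_NATIVE = [IKE, _ipv4(50, b"\x12\x34\x56\x78" + b"\x00" * 16)]
CAPTURE_NATT = [IKE, _ipv4(17, _udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
                _ipv4(17, _udp(4500, 4500, b"\x12\x34\x56\x78" + b"\x00" * 16)),
                _ipv4(17, _udp(4500, 4500, b"\xff"))]

if __name__ == "__main__":
    print(diagnose(CAPTURE_NATIVE))
    print(diagnose(CAPTURE_NATT))
```

Run against a capture taken on the client side of each network, a "native ESP" result on the failing networks and a "NAT-T" result on the working ones would point at the intermediate firewall's handling of protocol 50 rather than at the tunnel definition.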

Author

Commented:
Like I mentioned above, I control the firewall at one of the locations (see config file named local).
If you can look at the config and let me know what I can change, that would be great.

However, I believe it's in the setup of the VPN tunnel that you can find in the VPN-ASA config file,
as I have set up several other ASA-based VPN tunnels in the past in the same way and they all connect from the local location.

I am using the Cisco VPN client to connect; I will try the WebVPN client and see if it works differently.

Thanks
Principal Systems Administrator
Commented:
Not the web VPN client but Cisco AnyConnect. I have used this where nothing else works.

eb

Author

Commented:
So I finally got around to testing the AnyConnect client.
Got it working under all networks, so that's good.

However, I still need to figure out why the regular VPN client is not working, as I only have 2 SSL VPN licenses for the AnyConnect client and 5 users (I have 10 IPsec licenses).