Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 671
  • Last Modified:

Cisco asa cannot connect to internal network after connecting to vpn

We have an asa in the main location with a few site to site vpns and mobile clients using the mobile vpn.  In the course of settings up a new remote location with easy vpn we have run into problems.

Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.  

The vpn in texas is the one that we are trying to add.  I can provide the config file from the main site or from the remote location.

4      Feb 08 2014      14:31:39      106023      192.168.90.8      49476      10.5.60.11      53      Deny udp src Outside:192.168.90.8/49476 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]



¿4      Feb 08 2014      14:31:40      106023      174.37.196.55      53      209.251.157.148      53      Deny udp src Outside:174.37.196.55/53 dst Outside:209.251.157.148/53 by access-group "Outside_access_in" [0x0, 0x0]
0
cnesupport
Asked:
cnesupport
  • 5
1 Solution
 
cnesupportAuthor Commented:
don't everyone jump at once
0
 
Pete LongTechnical ConsultantCommented:
Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.


I'm assuming you mean the remote site using EasyVPN can connect to the main site but when they do so they cannot connect to the internet, yes?

Firstly is this how you setup EasyVPN?

If so this is how you setup split tunneling

Pete
0
 
cnesupportAuthor Commented:
Yes on both sites but the main issue we are having now is.  

The remote site is unable to access the local network or internet but can access the asa on the remote side.

The mobile vpn users can access the router and internet but not local resources.  

When trying to ping from one of the mobile users vpn:

4      Feb 09 2014      09:00:13      106023      10.5.62.26      59898      10.5.60.11      53      Deny udp src Outside:10.5.62.26/59898 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
cnesupportAuthor Commented:
I think I got it now.  I ended up making some changes to the firewall policies.  Even though I had made exemptions for the networks it was still blocking them.  After adding some rules the mobile vpn is now working.  I am waiting for someone to get to the remote site to take a look there.
0
 
cnesupportAuthor Commented:
got it all working, took a bunch of rules but everything is now flowing the way it should
0
 
cnesupportAuthor Commented:
I solved the issue on my own
0

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now