Solved

Cisco asa cannot connect to internal network after connecting to vpn

Posted on 2014-02-08
Last Modified: 2014-02-14
We have an ASA in the main location with a few site-to-site VPNs and mobile clients using the mobile VPN. In the course of setting up a new remote location with Easy VPN we have run into problems.

Got the vpn to light up without issue but was unable to get to the internet. Tried to configure split tunneling and was unsuccessful at getting it working. Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.

The VPN in Texas is the one that we are trying to add. I can provide the config file from the main site or from the remote location.

4      Feb 08 2014      14:31:39      106023      192.168.90.8      49476      10.5.60.11      53      Deny udp src Outside:192.168.90.8/49476 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]

4      Feb 08 2014      14:31:40      106023      174.37.196.55      53      209.251.157.148      53      Deny udp src Outside:174.37.196.55/53 dst Outside:209.251.157.148/53 by access-group "Outside_access_in" [0x0, 0x0]
Question by:cnesupport

Author Comment

by:cnesupport
ID: 39845274
don't everyone jump at once

Expert Comment

by:Pete Long
ID: 39845295
Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.


I'm assuming you mean the remote site using EasyVPN can connect to the main site but when they do so they cannot connect to the internet, yes?

Firstly, is this how you set up EasyVPN?

If so, this is how you set up split tunneling

Pete

Author Comment

by:cnesupport
ID: 39845299
Yes on both sites, but the main issue we are having now is:

The remote site is unable to access the local network or internet but can access the ASA on the remote side.

The mobile VPN users can access the router and internet but not local resources.

When trying to ping from one of the mobile users' VPN:

4      Feb 09 2014      09:00:13      106023      10.5.62.26      59898      10.5.60.11      53      Deny udp src Outside:10.5.62.26/59898 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]

Accepted Solution

by:cnesupport
ID: 39845320
I think I got it now.  I ended up making some changes to the firewall policies.  Even though I had made exemptions for the networks it was still blocking them.  After adding some rules the mobile vpn is now working.  I am waiting for someone to get to the remote site to take a look there.

Author Comment

by:cnesupport
ID: 39845431
got it all working, took a bunch of rules but everything is now flowing the way it should

Author Closing Comment

by:cnesupport
ID: 39858520
I solved the issue on my own