Solved

Cisco asa cannot connect to internal network after connecting to vpn

Posted on 2014-02-08
6
612 Views
Last Modified: 2014-02-14
We have an asa in the main location with a few site to site vpns and mobile clients using the mobile vpn.  In the course of settings up a new remote location with easy vpn we have run into problems.

Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.  

The vpn in texas is the one that we are trying to add.  I can provide the config file from the main site or from the remote location.

4      Feb 08 2014      14:31:39      106023      192.168.90.8      49476      10.5.60.11      53      Deny udp src Outside:192.168.90.8/49476 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]



¿4      Feb 08 2014      14:31:40      106023      174.37.196.55      53      209.251.157.148      53      Deny udp src Outside:174.37.196.55/53 dst Outside:209.251.157.148/53 by access-group "Outside_access_in" [0x0, 0x0]
0
Comment
Question by:cnesupport
  • 5
6 Comments
 

Author Comment

by:cnesupport
ID: 39845274
don't everyone jump at once
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 39845295
Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.


I'm assuming you mean the remote site using EasyVPN can connect to the main site but when they do so they cannot connect to the internet, yes?

Firstly is this how you setup EasyVPN?

If so this is how you setup split tunneling

Pete
0
 

Author Comment

by:cnesupport
ID: 39845299
Yes on both sites but the main issue we are having now is.  

The remote site is unable to access the local network or internet but can access the asa on the remote side.

The mobile vpn users can access the router and internet but not local resources.  

When trying to ping from one of the mobile users vpn:

4      Feb 09 2014      09:00:13      106023      10.5.62.26      59898      10.5.60.11      53      Deny udp src Outside:10.5.62.26/59898 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Accepted Solution

by:
cnesupport earned 0 total points
ID: 39845320
I think I got it now.  I ended up making some changes to the firewall policies.  Even though I had made exemptions for the networks it was still blocking them.  After adding some rules the mobile vpn is now working.  I am waiting for someone to get to the remote site to take a look there.
0
 

Author Comment

by:cnesupport
ID: 39845431
got it all working, took a bunch of rules but everything is now flowing the way it should
0
 

Author Closing Comment

by:cnesupport
ID: 39858520
I solved the issue on my own
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Access point 6 89
Website Issue 10 76
Help logging in to my router 12 48
2 routers and 1 public IP Address. 10 41
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question