Solved

Cisco asa cannot connect to internal network after connecting to vpn

Posted on 2014-02-08
Last Modified: 2014-02-14
We have an asa in the main location with a few site to site vpns and mobile clients using the mobile vpn.  In the course of setting up a new remote location with easy vpn we have run into problems.

Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.  

The vpn in Texas is the one that we are trying to add.  I can provide the config file from the main site or from the remote location.

4      Feb 08 2014      14:31:39      106023      192.168.90.8      49476      10.5.60.11      53      Deny udp src Outside:192.168.90.8/49476 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]



4      Feb 08 2014      14:31:40      106023      174.37.196.55      53      209.251.157.148      53      Deny udp src Outside:174.37.196.55/53 dst Outside:209.251.157.148/53 by access-group "Outside_access_in" [0x0, 0x0]
0
Question by:cnesupport
6 Comments
 

Author Comment

by:cnesupport
ID: 39845274
don't everyone jump at once
0
 

Expert Comment

by:Pete Long
ID: 39845295
Got the vpn to light up without issue but was unable to get to the internet.  Tried to configure split tunneling and was unsuccessful at getting it working.  Now all of a sudden none of the vpn users of the mobile vpn or the remote sites can access anything on the servers.


I'm assuming you mean the remote site using EasyVPN can connect to the main site but when they do so they cannot connect to the internet, yes?

Firstly, is this how you set up EasyVPN?

If so, this is how you set up split tunneling

Pete
0
 

Author Comment

by:cnesupport
ID: 39845299
Yes on both sites, but the main issue we are having now is:

The remote site is unable to access the local network or internet but can access the asa on the remote side.

The mobile vpn users can access the router and internet but not local resources.  

When trying to ping from one of the mobile users vpn:

4      Feb 09 2014      09:00:13      106023      10.5.62.26      59898      10.5.60.11      53      Deny udp src Outside:10.5.62.26/59898 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]
0

 

Accepted Solution

by:
cnesupport earned 0 total points
ID: 39845320
I think I got it now.  I ended up making some changes to the firewall policies.  Even though I had made exemptions for the networks it was still blocking them.  After adding some rules the mobile vpn is now working.  I am waiting for someone to get to the remote site to take a look there.
0
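
Added example, not part of the original thread and not code from any poster: a Python script that parses the syslog 106023 deny lines quoted above and groups them by access-group, interface pair and destination, keeping only flows between private addresses, so the flows dropped by "Outside_access_in" that involve the internal server stand apart from unrelated internet traffic. The function names are hypothetical, and the sample input is the three log lines copied from this thread.

```python
import ipaddress
import re
from collections import defaultdict

# The three deny lines quoted in this thread (ASDM log viewer columns).
SAMPLE_LOG = """\
4      Feb 08 2014      14:31:39      106023      192.168.90.8      49476      10.5.60.11      53      Deny udp src Outside:192.168.90.8/49476 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]
4      Feb 08 2014      14:31:40      106023      174.37.196.55      53      209.251.157.148      53      Deny udp src Outside:174.37.196.55/53 dst Outside:209.251.157.148/53 by access-group "Outside_access_in" [0x0, 0x0]
4      Feb 09 2014      09:00:13      106023      10.5.62.26      59898      10.5.60.11      53      Deny udp src Outside:10.5.62.26/59898 dst Inside:10.5.60.11/53 by access-group "Outside_access_in" [0x0, 0x0]
"""

# Matches the TCP/UDP form of the 106023 message (ip/port on both sides).
DENY_RE = re.compile(
    r'Deny (?P<proto>\S+) src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def parse_denies(text):
    """Return one dict per syslog 106023 deny line found in text."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m and "106023" in line.split():
            events.append(m.groupdict())
    return events

def summarize(events):
    """Map (acl, src_if, dst_if, proto, dst, dport) -> set of denied sources."""
    flows = defaultdict(set)
    for e in events:
        key = (e["acl"], e["src_if"], e["dst_if"], e["proto"], e["dst"], e["dport"])
        flows[key].add(e["src"])
    return dict(flows)

def internal_candidates(flows):
    """Keep flows whose destination and every source are private addresses."""
    def private(ip):
        return ipaddress.ip_address(ip).is_private
    return {k: v for k, v in flows.items()
            if private(k[4]) and all(private(s) for s in v)}

if __name__ == "__main__":
    for key, sources in internal_candidates(summarize(parse_denies(SAMPLE_LOG))).items():
        acl, src_if, dst_if, proto, dst, dport = key
        print(f"{acl}: {src_if}->{dst_if} {proto} {dst}:{dport} from {sorted(sources)}")
```

On the thread's lines this reports a single flow, udp/53 to 10.5.60.11 from 192.168.90.8 and 10.5.62.26, and leaves out the public-to-public deny.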
 

Author Comment

by:cnesupport
ID: 39845431
got it all working, took a bunch of rules but everything is now flowing the way it should
0
 

Author Closing Comment

by:cnesupport
ID: 39858520
I solved the issue on my own
0
