Solved

Cisco ASA 5505 - Remote VPN connection problem getting to internal machine

Posted on 2014-12-02
Last Modified: 2014-12-09
I believe I am missing one line but cannot think of what it is.  Here is an excerpt of the setup:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0

access-list 101 extended permit udp any any eq isakmp
access-list 101 extended permit udp any any eq 4500
access-list 101 extended permit esp any any
access-list 101 extended permit tcp any any eq ftp
access-list nonat_clientvpn extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list splittunnel standard permit 10.1.10.0 255.255.255.0
access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0

nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 101 in interface outside
(this may not be necessary)  route inside 10.1.10.0 255.255.255.0 192.168.10.1 1

Layout:

Modem -> Cisco ASA 5505 (Vlan1 192.168.10.1) -> (Wan 192.168.10.2) Netgear N600 router (Lan 10.1.10.0) -> workstations (server=10.1.10.34)

I can make a VPN connection with the Cisco ASA 5505.  I am unable to ping or use the built-in Microsoft remote control (terminal services) to get on any machine.  The "packet-tracer" indicates the traffic is being dropped due to the implicit deny.

What am I missing?  Thanks.
Question by:Adam D

Expert Comment

by:lruiz52
ID: 40479167
According to the rule below, the 10.1.10.0 network has access to the 192.168.20.0 network.

access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0

Is it supposed to be 192.168.20.0 or 192.168.10.0 that you are trying to access?

Author Comment

by:Adam D
ID: 40479182
Hello, thank you for your reply.

192.168.20.0 is the client (remote) vpn pool
192.168.10.0 is the local network (VLan1 inside interface is: 192.168.10.1)
10.1.10.0 is on the other side of the 3rd party router with its (Netgear) WAN interface having an IP address of 192.168.10.2

ASA
  WAN - outside (also the remote VPN clients are coming in through here with the IP address of 192.168.20.x)
  Lan - 192.168.10.1 (Vlan 1 inside)

Netgear
  Wan - 192.168.10.2  (directly connected to ASA on the ASA's inside interface)
  Lan - 10.1.10.0  (all workstations are on this side)

Does that help?

Thanks.
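
Added example, not part of the thread and not Cisco tooling: a small Python consistency check over the interface, NAT-exemption and static route lines quoted in the question. It reports static routes whose next hop is unusable and NAT-exempt source networks that the firewall has no usable route to; the function names parse() and check() are made up for this illustration.

```python
import ipaddress

# Lines copied from the question's excerpt; parse()/check() are illustrative names for this added example.
CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat
route inside 10.1.10.0 255.255.255.0 192.168.10.1 1
"""

def parse(config):
    """Collect interface addresses, static routes, ACL source networks and NAT-exempt ACLs."""
    ifaces, routes, acls, exempt = {}, [], {}, []
    nameif = None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if w[0] == "nameif":
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif:
            ifaces[nameif] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[0] == "route":
            routes.append((w[1], ipaddress.ip_network(f"{w[2]}/{w[3]}"), ipaddress.ip_address(w[4])))
        elif w[0] == "access-list" and w[2:5] == ["extended", "permit", "ip"]:
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[5]}/{w[6]}"))
        elif w[0] == "nat" and w[2:4] == ["0", "access-list"]:
            exempt.append((w[1].strip("()"), w[4]))
    return ifaces, routes, acls, exempt

def check(config):
    """Return findings for unusable static routes and unreachable NAT-exempt sources."""
    ifaces, routes, acls, exempt = parse(config)
    findings, usable = [], {name: [i.network] for name, i in ifaces.items()}
    for name, net, hop in routes:
        iface = ifaces.get(name)
        if iface is None:
            findings.append(f"route {net}: unknown interface {name}")
        elif hop == iface.ip:
            findings.append(f"route {net}: next hop {hop} is the ASA's own {name} address")
        elif hop not in iface.network:
            findings.append(f"route {net}: next hop {hop} is not on the {name} subnet")
        else:
            usable[name].append(net)
    for name, acl in exempt:
        for src in acls.get(acl, []):
            if not any(src.subnet_of(n) for n in usable.get(name, [])):
                findings.append(f"nat 0 {acl}: no usable route to {src} via {name}")
    return findings
```

Run against the same lines with the route's next hop set to the Netgear WAN address 192.168.10.2 given in the comment above, check() returns no findings.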

Accepted Solution

by:Adam D
ID: 40482440
While I would still like an answer to this question, I decided to just use the wireless router (Netgear) as a wireless switch to solve this problem for now.  Thanks.

Author Closing Comment

by:Adam D
ID: 40488424
No answer provided; found a workaround.