Solved

Cisco ASA 5505 - Remote VPN connection problem getting to internal machine

Posted on 2014-12-02
Last Modified: 2014-12-09
I believe I am missing one line but cannot think of what it is.  Here is an excerpt of the setup:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0

access-list 101 extended permit udp any any eq isakmp
access-list 101 extended permit udp any any eq 4500
access-list 101 extended permit esp any any
access-list 101 extended permit tcp any any eq ftp
access-list nonat_clientvpn extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list splittunnel standard permit 10.1.10.0 255.255.255.0
access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0

nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 101 in interface outside
(this may not be necessary)  route inside 10.1.10.0 255.255.255.0 192.168.10.1 1

Layout:

Modem -> Cisco ASA 5505 (Vlan1 192.168.10.1) -> (Wan 192.168.10.2) Netgear N600 router (Lan 10.1.10.0) -> workstations (server=10.1.10.34)

I can make a VPN connection with the Cisco ASA 5505.  I am unable to ping or use the built-in Microsoft remote control (terminal services) to get on any machine.  The "packet-tracer" indicates the traffic is being dropped due to the implicit deny.

What am I missing?  Thanks.
Question by:adrobnis

Expert Comment

by:lruiz52
ID: 40479167
According to the rule below, the 10.1.10.0 network has access to the 192.168.20.0 network.

access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0

Is it supposed to be 192.168.20.0 or 192.168.10.0 that you are trying to access?

Author Comment

by:adrobnis
ID: 40479182
Hello, thank you for your reply.

192.168.20.0 is the client (remote) vpn pool
192.168.10.0 is the local network (VLan1 inside interface is: 192.168.10.1)
10.1.10.0 is on the other side of the 3rd party router with its (Netgear) WAN interface having an IP address of 192.168.10.2

ASA
  WAN - outside (also the remote VPN clients are coming in through here with the IP address of 192.168.20.x)
  Lan - 192.168.10.1 (Vlan 1 inside)

Netgear
  Wan - 192.168.10.2  (directly connected to ASA on the ASA's inside interface)
  Lan - 10.1.10.0  (all workstations are on this side)

Does that help?

Thanks.

Accepted Solution

by:adrobnis
ID: 40482440
While I would still like an answer to this question, I decided to just use the wireless router (Netgear) as a wireless switch to solve this problem for now.  Thanks.

Author Closing Comment

by:adrobnis
ID: 40488424
No answer provided; found a workaround.
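An added example, not part of the original thread: a small Python first-match evaluator for the extended ACL entries posted in the question, showing which entries a given flow would match and when it falls through to the implicit deny. It models ACL matching only (not the ASA's NAT, routing or VPN handling), and the sample flows and the addresses 192.168.20.5 and 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# ACL lines copied from the question's excerpt.
ACL_TEXT = """\
access-list 101 extended permit udp any any eq isakmp
access-list 101 extended permit udp any any eq 4500
access-list 101 extended permit esp any any
access-list 101 extended permit tcp any any eq ftp
access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0
"""
PORT_NAMES = {"isakmp": 500, "ftp": 21}  # ASA port keyword -> port number

def _take_net(tok):
    """Pop 'any' or 'ADDR MASK' from the token list and return a network."""
    if tok[0] == "any":
        tok.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = tok.pop(0), tok.pop(0)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acl(text):
    """Return {acl_name: [(action, proto, src_net, dst_net, port), ...]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        name, action, proto = tok[1], tok[3], tok[4]
        rest = tok[5:]
        src, dst = _take_net(rest), _take_net(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        acls.setdefault(name, []).append((action, proto, src, dst, port))
    return acls

def evaluate(acls, name, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, port in acls.get(name, []):
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action
    return "implicit deny"

if __name__ == "__main__":
    acls = parse_acl(ACL_TEXT)
    # Constructed flows: RDP from a pool address, and the server's reply direction.
    print(evaluate(acls, "101", "tcp", "192.168.20.5", "10.1.10.34", 3389))
    print(evaluate(acls, "nonat", "tcp", "10.1.10.34", "192.168.20.5", 3389))
```

The device's own `packet-tracer` output remains the authoritative view of where a packet is dropped; this only makes the posted entries easier to reason about offline.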