- Posts: 6
- Thank you received: 0
VPN Trubbel.Client can connect but not access inside resours
14 years 7 months ago #34440
by Marcs
Hello.
I have a problem with my firewall ASA 5505.
Clients can connect through network client and ipsec, but I can not access inside resorces. I can not ping anything inside the firewall.
I have a DC inside but it is not used for DHCP/DNS for the remote clients (instead handled by ASA). Do i have to make any changes to DC or is everything handled by the firewall?
Anyone have time for a quick look plz?
I have a problem with my firewall ASA 5505.
Clients can connect through network client and ipsec, but I can not access inside resorces. I can not ping anything inside the firewall.
I have a DC inside but it is not used for DHCP/DNS for the remote clients (instead handled by ASA). Do i have to make any changes to DC or is everything handled by the firewall?
Anyone have time for a quick look plz?
14 years 7 months ago #34441
by Marcs
Replied by Marcs on topic my running configuration part 1
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
access-list EGroup_splitTunnelAcl standard permit any
access-list VPN standard permit 192.168.1.0 255.255.255.0
access-list cisco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.120.0 255.255.255.0
ip local pool POOL 192.168.120.1-192.168.120.254 mask 255.255.0.0
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
access-list EGroup_splitTunnelAcl standard permit any
access-list VPN standard permit 192.168.1.0 255.255.255.0
access-list cisco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.120.0 255.255.255.0
ip local pool POOL 192.168.120.1-192.168.120.254 mask 255.255.0.0
14 years 7 months ago #34442
by Marcs
Replied by Marcs on topic my running configuration part 2
service-policy global_policy global
group-policy EGP internal
group-policy EGP attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN
username Client password password* encrypted privilege 0
username Client attributes
vpn-group-policy EGP
service-type remote-access
tunnel-group EGP type remote-access
tunnel-group EGP general-attributes
address-pool POOL
default-group-policy EGP
tunnel-group EGP ipsec-attributes
pre-shared-key *
group-policy EGP internal
group-policy EGP attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN
username Client password password* encrypted privilege 0
username Client attributes
vpn-group-policy EGP
service-type remote-access
tunnel-group EGP type remote-access
tunnel-group EGP general-attributes
address-pool POOL
default-group-policy EGP
tunnel-group EGP ipsec-attributes
pre-shared-key *
14 years 7 months ago #34455
by Losh
~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
Replied by Losh on topic Re: VPN Trubbel.Client can connect but not access inside resours
Hi have you tried using Cisco's Security Device Manager (SDM)?
SDM has a check box that allows you to access your LAN while allowing encrypted traffic over the VPN tunnel. Its a really fast way to troubleshoot your VPN without loosing any vital configs. This is under configure/vpn/split tunnel.
Install SDM on your PC/Laptop and access the ASA 5505, it really helps when troubleshooting your config files.
This is risky though! Unless you completely trust your inside network.
SDM has a check box that allows you to access your LAN while allowing encrypted traffic over the VPN tunnel. Its a really fast way to troubleshoot your VPN without loosing any vital configs. This is under configure/vpn/split tunnel.
Install SDM on your PC/Laptop and access the ASA 5505, it really helps when troubleshooting your config files.
This is risky though! Unless you completely trust your inside network.
~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
14 years 7 months ago #34471
by Marcs
Replied by Marcs on topic Tnks for helping!
Unfortionally the SDM is not part of my service agreement
And the firewall is part of my home network, so my financial is abit limited...
And the firewall is part of my home network, so my financial is abit limited...
14 years 7 months ago #34493
by Marcs
Replied by Marcs on topic Re: VPN Trubbel.Client can connect but not access inside resours
:oops:
did you meen ASDM?
Yes I have also been using that tool, (and run the wizard) but the problem still exists. That's why i started this thread.
So nowone can see what's wrong with my config?
BR
Marc
did you meen ASDM?
Yes I have also been using that tool, (and run the wizard) but the problem still exists. That's why i started this thread.
So nowone can see what's wrong with my config?
BR
Marc
Time to create page: 0.139 seconds