VPN Trouble. Client can connect but not access inside resources

14 years 6 months ago #34440 by Marcs
Hello.

I have a problem with my firewall ASA 5505.
Clients can connect through network client and IPsec, but I cannot access inside resources. I cannot ping anything inside the firewall.

I have a DC inside but it is not used for DHCP/DNS for the remote clients (instead handled by ASA). Do I have to make any changes to DC or is everything handled by the firewall?

Anyone have time for a quick look plz?
14 years 6 months ago #34441 by Marcs
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
access-list EGroup_splitTunnelAcl standard permit any
access-list VPN standard permit 192.168.1.0 255.255.255.0
access-list cisco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.120.0 255.255.255.0
ip local pool POOL 192.168.120.1-192.168.120.254 mask 255.255.0.0
14 years 6 months ago #34442 by Marcs
service-policy global_policy global
group-policy EGP internal
group-policy EGP attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN
username Client password password* encrypted privilege 0
username Client attributes
vpn-group-policy EGP
service-type remote-access
tunnel-group EGP type remote-access
tunnel-group EGP general-attributes
address-pool POOL
default-group-policy EGP
tunnel-group EGP ipsec-attributes
pre-shared-key *
14 years 6 months ago #34455 by Losh
Hi, have you tried using Cisco's Security Device Manager (SDM)?

SDM has a check box that allows you to access your LAN while allowing encrypted traffic over the VPN tunnel. It's a really fast way to troubleshoot your VPN without losing any vital configs. This is under configure/vpn/split tunnel.

Install SDM on your PC/Laptop and access the ASA 5505, it really helps when troubleshooting your config files.

This is risky though! Unless you completely trust your inside network.

~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
14 years 6 months ago #34471 by Marcs
Replied by Marcs on topic Thanks for helping!
Unfortunately the SDM is not part of my service agreement :(

And the firewall is part of my home network, so my finances are a bit limited...
14 years 6 months ago #34493 by Marcs
:oops:
Did you mean ASDM?

Yes, I have also been using that tool (and run the wizard), but the problem still exists. That's why I started this thread.

So no one can see what's wrong with my config?

BR
Marc