Skip to main content

Cisco ASA - VPN: Access works for some not others.

More
17 years 1 week ago #24293 by Torvald
The VPN tunnel forms correctly for all users. Problem is they all should have the same full access.

I can ping any device from home when connected to the VPN others can not ping anything when connected via VPN.

One VPN config on FW, everyone using cisco VPN client. One ACL for access. No idea why it works for some and not others. Everyone pulls from the same IP pool that the ACL is set to use.

Any ideas why the Laptop users are having a problem and I'm not. It's real hard to trouble shoot when your equipment works fine :)
More
17 years 1 week ago #24294 by ZiPPy
Which VPN unit are you using? Cisco ASA 5500? I am running a Cisco VPN 3000 Concentrator at the office and I'm having the same issue with only some users.

When you try and connect with the Cisco VPN client, does the lock actually lock? Or does it stay unlocked? My users find the icon to lock but when they attempt to RDP into there machines they get no connection. I login to the VPN and I can see some of the users attempting to connect.

ZiPPy

ZiPPy
More
17 years 1 week ago #24298 by Torvald
Sorry I should have put it in..The ASA 5500.

Yes they get a solid VPN tunnel but no access. some how they are being blocked by the firewall when they should pass through it, while for others it works fine. right now it seems to be laptops having the issue but I see no reason for that.

Once the tunnel is secure the ACl's should take over and apply the same to everyone. If no on got through I would look for a bad ACL or NAT rule but since it works for some and not others I don't really know where to look.
More
17 years 1 week ago #24315 by Elohim
do some debugs...

debug crypto isakmp
debug crypto ipsec
show crypto isakmp sa
show crypto ipsec sa
show access-list
More
16 years 11 months ago #24551 by Torvald
Just wanted to let you know it seems to be "fixed" looks like the config was fine it was the clients that had issues.
More
16 years 11 months ago #24654 by Mirghani
Please Check your Clients Laptops that it is not infected by a virus and check clients firewall on their laptops.
Time to create page: 0.130 seconds