urgent help with ASA 5505 !!!
10 years 8 months ago - 10 years 8 months ago #38480
by dr.x
urgent help with ASA 5505 !!! was created by dr.x
Hi all,
I have two ASAs as below:
(192.168.2.0/24) lan1
asa1
internet
asa2
lan2 (192.168.0.0/24)
Now I've set up the VPN between asa1 & asa2.
I secured on asa1 the src subnet of 192.168.2.0/24
and I secured the remote subnet any,
but I have a problem, which is:
lan1 can reach lan2,
but lan1 can't go out from the VPN when it requests something like 8.8.8.8!
I put the remote subnet to 0.0.0.0 0.0.0.0, but why doesn't it go out from the VPN?
From the crypto show command on asa1 I have:
##sh crypto ipsec sa
interface: outside
Crypto map tag: Azure_IPSecCryptoMap, seq num: 2, local addr: xxxx
access-list outside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 any
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer: xxxxx
Note that the ACL says 192.168.2.0 to anyone,
but the remote ident is only 192.168.0.0!
Shouldn't the remote ident be 0.0.0.0 0.0.0.0?
I may be misunderstanding something, not sure.
Again,
the VPN with the LANs on both ASAs is fine.
Again,
on asa1 I have no NAT rules, and the access rules are allowing everything in the firewall.
Can somebody guide me on what to do?
I googled a lot but no luck.
Hoping for help
ASAP.
Regards
Last edit: 10 years 8 months ago by dr.x. Reason: quick
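Added example (not part of either post): a Python check that parses the sh crypto ipsec sa lines quoted above and tests whether a flow falls inside the SA's negotiated local/remote idents, and whether those idents differ from the crypto ACL line. The host addresses 192.168.2.10 and 192.168.0.10 and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the output lines quoted in the post, addresses masked as posted.
SAMPLE = """\
interface: outside
Crypto map tag: Azure_IPSecCryptoMap, seq num: 2, local addr: xxxx
access-list outside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 any
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer: xxxxx
"""

IDENT_RE = re.compile(
    r"^\s*(local|remote) ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/\d+/\d+\)", re.M)
ACL_RE = re.compile(r"^\s*access-list \S+ extended permit ip (.+)$", re.M)

def _take_net(tokens):
    """Consume one ACL address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_sa(text):
    """Return the crypto ACL source/destination and the negotiated idents."""
    sa = {side: ipaddress.ip_network(f"{a}/{m}") for side, a, m in IDENT_RE.findall(text)}
    tokens = ACL_RE.search(text).group(1).split()
    sa["acl_src"], rest = _take_net(tokens)
    sa["acl_dst"], _ = _take_net(rest)
    return sa

def covered(sa, src, dst):
    """True if a src->dst flow falls inside this SA's negotiated selectors."""
    return (ipaddress.ip_address(src) in sa["local"]
            and ipaddress.ip_address(dst) in sa["remote"])

def selector_mismatch(sa):
    """True if the SA's idents differ from the crypto ACL line shown with it."""
    return (sa["acl_src"], sa["acl_dst"]) != (sa["local"], sa["remote"])

if __name__ == "__main__":
    sa = parse_sa(SAMPLE)
    print("ACL vs SA ident mismatch:", selector_mismatch(sa))
    for dst in ("192.168.0.10", "8.8.8.8"):  # constructed test destinations
        print(dst, "covered by this SA:", covered(sa, "192.168.2.10", dst))
```

Run against the full output of the command, one SA block at a time, to see which negotiated selectors exist before comparing them with the crypto ACLs on both peers.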
10 years 8 months ago #38481
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic urgent help with ASA 5505 !!!
Dr.X
Welcome to Firewall.cx.
I've been trying to understand the exact problem you have; however, the information you've provided is not enough, at least for me.
Am I correct when I say that LAN1 fails to obtain Internet access, whereas LAN2 has Internet access without a problem?
If this is true then there are most probably two possibilities as to why this is happening:
1) LAN1 requests are tunneled through the VPN to LAN2
2) You're missing something in your NAT or ACL statements on ASA (LAN1).
In order to help you, you should post your configurations (change your public IP addresses) and please provide a clear description of your problem.
Many thanks.
Chris.