asa 5505 - vpn problem

By hial
Hello,
With this asa 5505 the vpn's can connect to the local domain but not to the other networks for which I have defined routes in the asa.
I see that the vpn's get no default gateway.
Could this be the problem?
Please help!

This is the config:

ASA Version 7.2(4)
!
hostname Test
domain-name Test.com
enable password F4M969RI8REUCzj4 encrypted
passwd F4M969RI8REUCzj4 encrypted
names
name 194.78.101.4 Outsideip
name 10.229.110.7 insideip
!
interface Vlan1
nameif inside
security-level 100
ip address insideip 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif outside
security-level 0
ip address Outsideip 255.255.255.248
ospf cost 10
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name Test.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
access-list nonat extended permit ip any host 10.229.110.200
access-list nonat extended permit ip any host 10.229.110.201
access-list nonat extended permit ip any host 10.229.110.202
access-list nonat extended permit ip any host 10.229.110.203
access-list nonat extended permit ip any host 10.229.110.204
access-list nonat extended permit ip any host 10.229.110.205
access-list nonat extended permit ip any host 10.229.110.206
access-list nonat extended permit ip any host 10.229.110.207
access-list nonat extended permit ip any host 10.229.110.208
access-list nonat extended permit ip any host 10.229.110.209
access-list nonat extended permit ip any host 10.229.110.210
access-list nonat extended permit ip any host 10.229.110.211
access-list nonat extended permit ip any host 10.229.110.212
access-list nonat extended permit ip any host 10.229.110.213
access-list nonat extended permit ip any host 10.229.110.214
access-list nonat extended permit ip any host 10.229.110.215
access-list nonat extended permit ip any host 10.229.110.216
access-list nonat extended permit ip any host 10.229.110.217
access-list nonat extended permit ip any host 10.229.110.218
access-list nonat extended permit ip any host 10.229.110.219
access-list nonat extended permit ip any host 10.229.110.220
access-list nonat extended permit ip any host 10.229.110.221
access-list nonat extended permit ip any host 10.229.110.222
access-list nonat extended permit ip any host 10.229.110.223
access-list nonat extended permit ip any host 10.229.110.224
access-list nonat extended permit ip any host 10.229.110.225
access-list nonat extended permit ip any host 10.229.110.226
access-list nonat extended permit ip any host 10.229.110.227
access-list nonat extended permit ip any host 10.229.110.228
access-list nonat extended permit ip any host 10.229.110.229
access-list nonat extended permit ip any host 10.229.110.230
access-list nonat extended permit ip any host 10.229.110.231
access-list nonat extended permit ip any host 10.229.110.232
access-list nonat extended permit ip any host 10.229.110.233
access-list nonat extended permit ip any host 10.229.110.234
access-list nonat extended permit ip any host 10.229.110.235
access-list nonat extended permit ip any host 10.229.110.236
access-list nonat extended permit ip any host 10.229.110.238
access-list nonat extended permit ip any host 10.229.110.237
access-list nonat extended permit ip any host 10.229.110.239
!
access-list splittunnel standard permit 10.229.110.0 255.255.255.0
!
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp any host Outsideip eq smtp
access-list outside_access_in extended permit tcp any host Outsideip eq pop3
access-list outside_access_in extended permit tcp any host Outsideip eq imap4
!
access-list lan_to_outside extended permit ip any any
access-list lan_to_outside extended permit tcp any any
!
pager lines 24
logging enable
logging timestamp
logging console debugging
logging asdm informational
logging ftp-bufferwrap
logging ftp-server 10.229.110.13 \\10.229.110.13\dossiers gw\wbeedgeadm ****
mtu inside 1500
mtu outside 1500
!
ip local pool vpnpool 10.229.110.200-10.229.110.235 mask 255.255.255.0
!
ip verify reverse-path interface outside
!
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
!
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0

!
static (inside,outside) tcp interface imap4 10.229.105.205 imap4 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 10.229.105.205 smtp netmask 255.255.255.255
!
access-group lan_to_outside in interface inside
access-group outside_access_in in interface outside
!
route inside 192.168.191.0 255.255.255.0 10.229.110.1 1
route inside 192.168.192.0 255.255.255.0 10.229.110.1 1
route inside 10.229.105.0 255.255.255.0 10.229.110.1 1
route inside 10.229.9.0 255.255.255.0 10.229.110.1 1
route inside 10.229.4.0 255.255.255.0 10.229.110.1 1
route outside 0.0.0.0 0.0.0.0 Outsideip 1
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:45:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 10.229.110.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address nonat
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp disconnect-notify
crypto isakmp reload-wait
!
telnet 10.229.110.0 255.255.255.0 inside
telnet timeout 5
ssh 10.229.110.0 255.255.255.0 inside
ssh timeout 20
console timeout 60
management-access inside
!
group-policy Remotevpnpol internal
group-policy Remotevpnpol attributes
dns-server value 10.229.110.11
vpn-access-hours none
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec
group-lock none
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittunnel
msie-proxy method auto-detect
!
group-policy BB internal
group-policy BB attributes
vpn-access-hours none
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
ip-comp disable
re-xauth disable
group-lock none
pfs disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
username tester password 1yqoSh/uW8iFQoHh encrypted privilege 15
username test password Ta8HvkJqraRyD10t encrypted privilege 15
username test attributes
vpn-group-policy remotevpn
vpn-idle-timeout 480
vpn-session-timeout 480
vpn-framed-ip-address 10.229.110.210 255.255.255.0
webvpn
svc keepalive 60
!
tunnel-group remotevpn type ipsec-ra
tunnel-group remotevpn general-attributes
address-pool vpnpool
default-group-policy Remotevpnpol
tunnel-group remotevpn ipsec-attributes
pre-shared-key *
tunnel-group-map default-group remotevpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
imap4s
port 143
server 10.229.105.205
no outstanding
default-group-policy BB
pop3s
server 10.229.105.205
no outstanding
default-group-policy BB
smtps
server 10.229.105.205
default-group-policy BB

prompt hostname context
Cryptochecksum:7ded0518317f4c9d4631d1508e98a13e
: end
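
With `split-tunnel-policy tunnelspecified`, a VPN client sends through the tunnel only the networks named in the referenced list, so one thing to check in the configuration above is whether every `route inside` network is also in the `splittunnel` list. The Python sketch below is an added example, not part of the original post; the function name `split_tunnel_gaps` is hypothetical and the embedded excerpt is constructed from the relevant lines of the posted configuration.

```python
import ipaddress

# Constructed excerpt: only the lines of the posted configuration that matter here.
SAMPLE_CONFIG = """\
access-list splittunnel standard permit 10.229.110.0 255.255.255.0
route inside 192.168.191.0 255.255.255.0 10.229.110.1 1
route inside 192.168.192.0 255.255.255.0 10.229.110.1 1
route inside 10.229.105.0 255.255.255.0 10.229.110.1 1
route inside 10.229.9.0 255.255.255.0 10.229.110.1 1
route inside 10.229.4.0 255.255.255.0 10.229.110.1 1
route outside 0.0.0.0 0.0.0.0 Outsideip 1
group-policy Remotevpnpol attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def split_tunnel_gaps(config):
    """Map each tunnelspecified group policy to the inside-routed networks
    that its split-tunnel list does not cover."""
    acls, routes, policies, current = {}, [], {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:4] == ["standard", "permit"]:
            if w[4] == "any":
                net = ipaddress.ip_network("0.0.0.0/0")
            elif w[4] == "host":
                net = ipaddress.ip_network(w[5])
            else:
                net = _net(w[4], w[5])
            acls.setdefault(w[1], []).append(net)
        elif w[:2] == ["route", "inside"]:
            routes.append(_net(w[2], w[3]))
        elif w[:1] == ["group-policy"] and w[2:3] == ["attributes"]:
            current = policies.setdefault(w[1], {})  # later lines belong to this policy
        elif current is not None and w[:1] == ["split-tunnel-policy"]:
            current["policy"] = w[1]
        elif current is not None and w[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = w[2]
    gaps = {}
    for name, p in policies.items():
        if p.get("policy") == "tunnelspecified":
            allowed = acls.get(p.get("acl"), [])
            gaps[name] = [str(r) for r in routes
                          if not any(r.subnet_of(a) for a in allowed)]
    return gaps

if __name__ == "__main__":
    print(split_tunnel_gaps(SAMPLE_CONFIG))
```

A non-empty list for a policy means its clients will route those networks outside the tunnel; the script only handles numeric addresses, not names defined with the `name` command.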

All Answers

is your DHCP configured properly

by skmdmasud In reply to asa 5505 - vpn problem

Sorry, I didn't go through the entire configuration. Just thinking, since no one replied: did you configure your DHCP for your VPN? The VPN client can get the gateway and lots of other settings from the DHCP when connected.
