Cisco VPN Client Connects to ASA5505 but can't talk to network

By akclark

So the problem is it authenticates and connects, but the client gets an IP of 172.16.28.20/27 and a default gw of 172.16.28.1/27.

My ASA is at 172.16.28.30/27.

All Answers

Well, what is at 172.16.28.1 then?

by seanferd In reply to Cisco VPN Client Connects ...

Is that the gateway address of the ASA? I see the LAN address of the ASA is different, but no matter, if configured that way. (And irrelevant if the VPN client isn't in the LAN as well.)

But what is a VPN client supposed to connect to from there? Is it routed to wherever it is supposed to go? Does the client have privileges to talk to whatever it is expected to talk to in the network?

With security appliances like these, you have to explicitly allow everything you want. Everything is denied by default.

Have you checked the ASA logs, or relevant server logs? Have you done any packet capture and analysis?

ASA

by akclark In reply to Well, what is at 172.16.2 ...

1) The outside interface has an IP address of 65.103.174.121

2) The VPN client should be able to talk to the whole of the LAN

3) I haven't allowed anything that the VPN-Wizard in ISDM didn't allow

4) I don't have any knowledge of packet capture/analysis techniques

So what's the LAN network addressing?

by CG IT In reply to ASA

LAN Range

by akclark In reply to so what's the lan network ...

The internal LAN Range is 172.16.28.0/27

The VPN Client gets .20 but cannot ping anything.

What gives out LAN addresses?

by CG IT In reply to LAN Range

There's gotta be a DHCP relay agent somewhere with a pool with DHCP provided addresses or a static pool of addresses for remote clients.

If they have a LAN address and connect, then it's possible that ICMP packets are being denied at the computer firewall.

DHCP

by akclark In reply to what gives out lan addres ...

DHCP is handed out internally by a Windows DHCP server. But I created a DHCP Pool on the ASA for VPN clients.

I can connect to our customer's PIX just fine using the Cisco VPN client, but not to my ASA at home.

I can email you my config to sanity check if you like.

humm so new information

by CG IT In reply to DHCP

So what are you doing here? I don't quite get it. You say, "connect to customer's PIX firewall but not to ASA at home"?

Where the heck are you when you try to connect to the ASA? Customer's? And through their PIX firewall?

And where is the DHCP server? Customer's? Home?

If you're behind the PIX and it isn't configured to allow the traffic, it's denied, period.

Anything else you care to divulge that you haven't so far?

Cisco VPN Client connected but remote LAN doesn't reply

by tsagarius In reply to Cisco VPN Client Connects ...

Same problem. The ASA gives an IP address, subnet mask and so on, but doesn't reply to any ping request. It happened out of nothing :) 2 clients appeared to be like this. The other ones have nothing to complain about, they work as usual.

I tested this user profile with its settings from a different location to check for some ACL matter, but no problem, it works perfectly.

What do you think, is that an ASA problem? Or can it be the client PC's problem?

Thanks in advance
