remote-access vpn problem on asa


    Hi,
    I configured a remote-access vpn on an ASA 5510 version 8.3. This is the configuration


    ............
    tunnel-group prova4 type remote-access
    tunnel-group prova4 general-attributes
    address-pool vpnpool1
    default-group-policy test_vpnpool1_policy
    tunnel-group prova4 ipsec-attributes
    pre-shared-key *****
    ................
    access-list soft_vpnpool1 extended permit icmp host 192.168.31.1 host 192.168.32.254
    access-list soft_vpnpool1 extended permit ip host 192.168.31.1 host 192.168.32.254
    access-list soft_vpnpool1 extended permit ip any any
    access-list soft_vpnpool1 extended permit icmp any any
    .............
    group-policy test_vpnpool1_policy attributes
    vpn-filter value soft_vpnpool1
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value soft_vpnpool1
    ..................
    nat (inside,any) source static N1-192.168.32.0 N1-192.168.32.0 destination static N1-192.168.31.0 N1-192.168.31.0 unidirectional
    .........


    The vpn goes up and I get an ip address, but it's impossible to reach the internal network.

    This is what I can see from the logs:

    .................................................. ..........
    Mar 11 10:10:20 192.168.32.140 : Mar 11 10:10:20 CET: %ASA-ipaa-6-737026: IPAA: Client assigned 192.168.31.1 from local pool
    Mar 11 10:10:20 192.168.32.140 : Mar 11 10:10:20 CET: %ASA-vpn-6-713228: Group = prova4, Username = pippo, IP = 212.x.x.x, Assigned private IP address 192.168.31.1 to remote user
    Mar 11 10:10:20 192.168.32.141 : Mar 11 10:10:20 CET: %ASA-ipaa-6-737029: IPAA: Added 192.168.31.1 to standby
    Mar 11 10:10:29 192.168.32.140 : Mar 11 10:10:29 CET: %ASA-bridge-6-110002: Failed to locate egress interface for UDP from outside:192.168.31.1/1885 to 239.255.255.250/1900
    Mar 11 10:11:51 192.168.32.140 : Mar 11 10:11:51 CET: %ASA-vpn-5-713050: Group = prova4, Username =pippo, IP = 212.x.x.x, Connection terminated for peer pippo. Reason: Peer Terminate Remote Proxy 192.168.31.1, Local Proxy 0.0.0.0
    Mar 11 10:11:51 192.168.32.140 : Mar 11 10:11:51 CET: %ASA-ipaa-6-737016: IPAA: Freeing local pool address 192.168.31.1
    Mar 11 10:11:51 192.168.32.141 : Mar 11 10:11:51 CET: %ASA-ipaa-6-737031: IPAA: Removed 192.168.31.1 from standby
    .................................................. ..........


    The only error I can see is %ASA-bridge-6-110002, which is not related to the traffic I'm generating; it's like a messenger program trying to do multicast.
    What I can tell you from the vpn client I'm using is that I can see encrypted packets going out my tunnel, but nothing incoming. Also, on the firewall I can see no incoming packets from this tunnel.
    Another thing I noticed: is it correct that I do not have a default gateway ip address when the tunnel goes up? I'm not talking about my normal network, when the vpn goes up I can see that my address is 192.168.31.1, which is correctly taken from the pool I've decided, but my default gateway is again 192.168.31.1.
    Thanks for your help.
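
An added example, not part of the original post: a Python parser for the ASA syslog lines quoted above that pairs the 713228 (address assigned) and 713050 (connection terminated) messages into a session and collects every other message naming the pool address while the tunnel was up. The function names, the `SAMPLE` constant and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines copied from the post above (peer address already masked as 212.x.x.x).
SAMPLE = """\
Mar 11 10:10:20 192.168.32.140 : Mar 11 10:10:20 CET: %ASA-ipaa-6-737026: IPAA: Client assigned 192.168.31.1 from local pool
Mar 11 10:10:20 192.168.32.140 : Mar 11 10:10:20 CET: %ASA-vpn-6-713228: Group = prova4, Username = pippo, IP = 212.x.x.x, Assigned private IP address 192.168.31.1 to remote user
Mar 11 10:10:20 192.168.32.141 : Mar 11 10:10:20 CET: %ASA-ipaa-6-737029: IPAA: Added 192.168.31.1 to standby
Mar 11 10:10:29 192.168.32.140 : Mar 11 10:10:29 CET: %ASA-bridge-6-110002: Failed to locate egress interface for UDP from outside:192.168.31.1/1885 to 239.255.255.250/1900
Mar 11 10:11:51 192.168.32.140 : Mar 11 10:11:51 CET: %ASA-vpn-5-713050: Group = prova4, Username =pippo, IP = 212.x.x.x, Connection terminated for peer pippo. Reason: Peer Terminate Remote Proxy 192.168.31.1, Local Proxy 0.0.0.0
Mar 11 10:11:51 192.168.32.140 : Mar 11 10:11:51 CET: %ASA-ipaa-6-737016: IPAA: Freeing local pool address 192.168.31.1
Mar 11 10:11:51 192.168.32.141 : Mar 11 10:11:51 CET: %ASA-ipaa-6-737031: IPAA: Removed 192.168.31.1 from standby
""".splitlines()

# <collector time> <reporting host> : <device time> %ASA-<class>-<severity>-<id>: <text>
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) : .*?%ASA-(\w+)-(\d)-(\d{6}): (.*)$")
ASSIGN = re.compile(r"Group = ([^,]+), Username = ?([^,]+), .*Assigned private IP address (\S+) to")
TERM = re.compile(r"Connection terminated.*Reason: (.+?) Remote Proxy ([\d.]+),")

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, host, _cls, sev, msg_id, text = m.groups()
    # Syslog omits the year; 2000 is an arbitrary placeholder so deltas can be computed.
    when = datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")
    return {"time": when, "host": host, "sev": int(sev), "id": msg_id, "text": text}

def sessions(lines):
    """Pair 713228 (address assigned) with 713050 (terminated) per pool address."""
    active, done = {}, []
    for ev in filter(None, map(parse, lines)):
        if ev["id"] == "713228" and (m := ASSIGN.search(ev["text"])):
            group, user, ip = m.groups()
            active[ip] = {"group": group, "user": user, "ip": ip, "start": ev["time"], "related": []}
        elif ev["id"] == "713050" and (m := TERM.search(ev["text"])):
            s = active.pop(m.group(2), None)
            if s:
                s["reason"] = m.group(1)
                s["seconds"] = int((ev["time"] - s["start"]).total_seconds())
                done.append(s)
        else:  # any other message naming the address of a session that is still up
            for ip, s in active.items():
                if re.search(rf"(?<![\d.]){re.escape(ip)}(?![\d.])", ev["text"]):
                    s["related"].append((ev["id"], ev["host"]))
    return done

if __name__ == "__main__":
    print(sessions(SAMPLE))
```

On the quoted lines this yields one 91-second session for user pippo in group prova4, with 737029 and 110002 as the only other messages naming 192.168.31.1 while the tunnel was up.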