urgent help with ASA 5505 !!!

10 years 2 weeks ago - 10 years 2 weeks ago #38480 by dr.x
Hi all,
I have two ASAs as below:

lan1 (192.168.2.0/24) --- asa1 --- internet --- asa2 --- lan2 (192.168.0.0/24)

Now I've set up the VPN between asa1 & asa2.
I secured on asa1 the src subnet of 192.168.2.0/24
and I secured the remote subnet any.

But I have a problem, which is:

lan1 can reach lan2,
but lan1 can't go out from the VPN when it requests something like 8.8.8.8!

I put the remote subnet to 0.0.0.0 0.0.0.0, but why doesn't it go out from the VPN?

From the crypto show command on asa1 I have:
##sh crypto ipsec sa

interface: outside
Crypto map tag: Azure_IPSecCryptoMap, seq num: 2, local addr: xxxx

access-list outside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 any
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer: xxxxx

Note that the ACL says 192.168.2.0 to anyone,
but the remote ident is only 192.168.0.0!

Shouldn't the remote ident be 0.0.0.0 0.0.0.0?

I may be misunderstanding something, not sure.

Again,
the VPN with the LANs on both ASAs is fine.

Again,
on asa1 I have no NAT rules and the access rules are allowing everything in the firewall.

Can somebody guide me on what to do?

I googled a lot but no luck.

Wish to help
ASAP
Regards
Last edit: 10 years 2 weeks ago by dr.x. Reason: quick
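
Added example, not part of the original post or of either poster's configuration: a small Python check that parses the `show crypto ipsec sa` excerpt quoted above and compares the crypto ACL entry with the local/remote ident of the SA that was actually negotiated. The function names are hypothetical, and the parser assumes IPv4 `permit ip` entries only.

```python
import ipaddress
import re

# Excerpt quoted in the post above (addresses already masked there as "xxxx").
SAMPLE = """\
interface: outside
Crypto map tag: Azure_IPSecCryptoMap, seq num: 2, local addr: xxxx

access-list outside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 any
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer: xxxxx
"""

ANY = ipaddress.ip_network("0.0.0.0/0")
ACL_RE = re.compile(r"^\s*access-list \S+ extended permit ip (.+)$", re.M)
IDENT_RE = re.compile(
    r"^\s*(local|remote) ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/\d+/\d+\)", re.M)


def acl_networks(spec):
    """Parse 'src dst' of an ACL entry: 'any', 'host A' or 'A MASK'."""
    toks, nets = spec.split(), []
    while toks:
        tok = toks.pop(0)
        if tok in ("any", "any4"):
            nets.append(ANY)
        elif tok == "host":
            nets.append(ipaddress.ip_network(toks.pop(0) + "/32"))
        else:
            nets.append(ipaddress.ip_network(f"{tok}/{toks.pop(0)}"))
    return nets  # [source, destination]


def compare_acl_to_sa(text):
    """Report whether the negotiated SA selectors match the crypto ACL."""
    acl_src, acl_dst = acl_networks(ACL_RE.search(text).group(1))
    ident = {side: ipaddress.ip_network(f"{addr}/{mask}")
             for side, addr, mask in IDENT_RE.findall(text)}
    remote = ident["remote"]
    return {
        "acl": (str(acl_src), str(acl_dst)),
        "sa": (str(ident["local"]), str(remote)),
        "local_matches": ident["local"] == acl_src,
        "remote_narrower_than_acl": remote != acl_dst and remote.subnet_of(acl_dst),
    }


if __name__ == "__main__":
    for key, value in compare_acl_to_sa(SAMPLE).items():
        print(f"{key}: {value}")
```
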
10 years 2 weeks ago #38481 by Chris
Replied by Chris on topic urgent help with ASA 5505 !!!
Dr.X
Welcome to Firewall.cx.
I've been trying to understand the exact problem you have, however the information you've provided is not enough, at least for me.

Am I correct when I say that LAN1 fails to obtain Internet access, whereas LAN2 has Internet access without a problem?

If this is true then there are most probably two possibilities as to why this is happening:
1) LAN1 requests are tunneled through the VPN to LAN2
2) You're missing something in your NAT or ACL statements on ASA (LAN1).

In order to help you, you should post your configurations (Change your public IP addresses) and please provide a clear description of your problem.

Many thanks.
Chris.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx