Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Cisco ASA - VPN: Access works for some not others.

Cisco ASA - VPN: Access works for some not others. 8 years 11 months ago #24293

  • Torvald
  • Torvald's Avatar
  • Offline
  • New Member
  • Posts: 14
  • Karma: 0
The VPN tunnel forms correctly for all users. Problem is they all should have the same full access.

I can ping any device from home when connected to the VPN others can not ping anything when connected via VPN.

One VPN config on FW, everyone using cisco VPN client. One ACL for access. No idea why it works for some and not others. Everyone pulls from the same IP pool that the ACL is set to use.

Any ideas why the Laptop users are having a problem and I'm not. It's real hard to trouble shoot when your equipment works fine :)
The administrator has disabled public write access.

Re: Cisco ASA - VPN: Access works for some not others. 8 years 11 months ago #24294

  • ZiPPy
  • ZiPPy's Avatar
  • Offline
  • Expert Member
  • Posts: 500
  • Karma: 0
Which VPN unit are you using? Cisco ASA 5500? I am running a Cisco VPN 3000 Concentrator at the office and I'm having the same issue with only some users.

When you try and connect with the Cisco VPN client, does the lock actually lock? Or does it stay unlocked? My users find the icon to lock but when they attempt to RDP into there machines they get no connection. I login to the VPN and I can see some of the users attempting to connect.

ZiPPy
ZiPPy
The administrator has disabled public write access.

Re: Cisco ASA - VPN: Access works for some not others. 8 years 11 months ago #24298

  • Torvald
  • Torvald's Avatar
  • Offline
  • New Member
  • Posts: 14
  • Karma: 0
Sorry I should have put it in..The ASA 5500.

Yes they get a solid VPN tunnel but no access. some how they are being blocked by the firewall when they should pass through it, while for others it works fine. right now it seems to be laptops having the issue but I see no reason for that.

Once the tunnel is secure the ACl's should take over and apply the same to everyone. If no on got through I would look for a bad ACL or NAT rule but since it works for some and not others I don't really know where to look.
The administrator has disabled public write access.

Re: Cisco ASA - VPN: Access works for some not others. 8 years 11 months ago #24315

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
do some debugs...

debug crypto isakmp
debug crypto ipsec
show crypto isakmp sa
show crypto ipsec sa
show access-list
The administrator has disabled public write access.

Re: Cisco ASA - VPN: Access works for some not others. 8 years 11 months ago #24551

  • Torvald
  • Torvald's Avatar
  • Offline
  • New Member
  • Posts: 14
  • Karma: 0
Just wanted to let you know it seems to be "fixed" looks like the config was fine it was the clients that had issues.
The administrator has disabled public write access.

Re: Cisco ASA - VPN: Access works for some not others. 8 years 10 months ago #24654

  • Mirghani
  • Mirghani's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Please Check your Clients Laptops that it is not infected by a virus and check clients firewall on their laptops.
The administrator has disabled public write access.
Time to create page: 0.085 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup