TOPIC: urgent help with ASA 5505 !!!

urgent help with ASA 5505 !!! 2 years 9 months ago #38480

  • dr.x
Hi all,
I have two ASAs as below:
(192.168.2.0/24) lan1
asa1
internet
asa2
lan2(192.168.0.0/24)

Now I've set up the VPN between asa1 & asa2.
I secured on asa1 the src subnet of 192.168.2.0/24
and I secured the remote subnet as any.

But I have a problem, which is:

lan1 can reach lan2,
but lan1 can't go out from the VPN when it requests something like 8.8.8.8!

I set the remote subnet to 0.0.0.0 0.0.0.0, but why doesn't it go out from the VPN?

From the crypto show command on asa1 I have:
##sh crypto ipsec sa

interface: outside
Crypto map tag: Azure_IPSecCryptoMap, seq num: 2, local addr: xxxx

access-list outside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 any
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer: xxxxx

Note that the ACL says 192.168.2.0 to anyone,
but the remote ident is only 192.168.0.0!

Shouldn't the remote ident be 0.0.0.0 0.0.0.0?

I may be misunderstanding something, not sure.

Again,
VPN with the LANs on both ASAs is fine.

Again,
on asa1 I have no NAT rules, and the access rules are allowing everything in the firewall.


Can somebody guide me on what to do?

I googled a lot but no luck.

Hoping for help
ASAP.
Regards
Last Edit: 2 years 9 months ago by dr.x. Reason: quick

urgent help with ASA 5505 !!! 2 years 9 months ago #38481

  • Chris
Dr.X
Welcome to Firewall.cx.
I've been trying to understand the exact problem you have, however the information you've provided is not enough, at least for me.

Am I correct when I say that LAN1 fails to obtain Internet access, whereas LAN2 has Internet access without a problem?

If this is true then there are most probably two possibilities as to why this is happening:
1) LAN1 requests are tunneled through the VPN to LAN2
2) You're missing something in your NAT or ACL statements on ASA (LAN1).

In order to help you, you should post your configurations (Change your public IP addresses) and please provide a clear description of your problem.

Many thanks.
Chris.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
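
The following is an added example, not part of either post: a small Python check that reads the three lines of "sh crypto ipsec sa" output quoted in the first post and tests whether a given flow falls inside the SA's negotiated local/remote ident. The function names and the host addresses 192.168.2.10 and 192.168.0.10 are constructed for illustration, and the ACL parser assumes the "network mask" / "any" form shown in the post.

```python
import ipaddress
import re

# Lines quoted from the "sh crypto ipsec sa" output in the first post.
SAMPLE = """\
access-list outside_cryptomap extended permit ip 192.168.2.0 255.255.255.0 any
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
"""

IDENT_RE = re.compile(
    r"^\s*(local|remote) ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/\d+/\d+\)", re.M)
# Assumption: source is written "net mask"; destination is "any" or "net mask".
ACL_RE = re.compile(
    r"^\s*access-list \S+ extended permit ip [\d.]+ [\d.]+ (any|[\d.]+ [\d.]+)\s*$",
    re.M)

def parse_selectors(text):
    """Return the negotiated SA selectors as {'local': net, 'remote': net}."""
    sel = {side: ipaddress.ip_network(f"{addr}/{mask}")
           for side, addr, mask in IDENT_RE.findall(text)}
    if set(sel) != {"local", "remote"}:
        raise ValueError("local/remote ident lines not found")
    return sel

def parse_acl_destination(text):
    """Return the destination network the crypto ACL line asks for."""
    m = ACL_RE.search(text)
    if m is None:
        raise ValueError("crypto ACL line not found")
    if m.group(1) == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network("/".join(m.group(1).split()))

def sa_covers(sel, src, dst):
    """True if a src -> dst flow falls inside both selectors of this SA."""
    return (ipaddress.ip_address(src) in sel["local"]
            and ipaddress.ip_address(dst) in sel["remote"])

if __name__ == "__main__":
    sel = parse_selectors(SAMPLE)
    acl_dst = parse_acl_destination(SAMPLE)
    print("ACL destination:", acl_dst, "| negotiated remote ident:", sel["remote"])
    if acl_dst != sel["remote"] and sel["remote"].subnet_of(acl_dst):
        print("remote ident is narrower than the ACL destination")
    # 192.168.2.10 and 192.168.0.10 are constructed host addresses.
    for dst in ("192.168.0.10", "8.8.8.8"):
        print(dst, "covered by this SA:", sa_covers(sel, "192.168.2.10", dst))
```

Run against the quoted output, it reports that a LAN2 host is inside the SA's selectors while 8.8.8.8 is not, which matches the behaviour described in the first post.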