Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: urgent help with ASA 5505 !!!

urgent help with ASA 5505 !!! 4 years 10 months ago #38480

  • dr.x
  • dr.x's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 1
  • Thank you received: 0
hi all ,
i have two asa as below :



now ive setup the vpn between asa1 & asa2
i secured on asa1 src subnet of
and i secured the remote subnet any

but i have problesm which is ,

lan1 can reach lan2
but lan1 cant go out from vpn when it request like !!!!

i put the remote subnet to but why it dont go out from the vpn ???

i have crypto command show on asa1 i have :
##sh crypto ipsec sa

interface: outside
Crypto map tag: Azure_IPSecCryptoMap, seq num: 2, local addr: xxxx

access-list outside_cryptomap extended permit ip any
local ident (addr/mask/prot/port): (
remote ident (addr/mask/prot/port): (
current_peer: xxxxx

note that the acl say to anyone ,
but on the remote idnet is only !!!

shouldnt the remote idnet be . ???

i may be missunderstanding something , not sure ,

vpn with lans on both asas is fine

on asa1 i have no nat rules and access rules is allowing evrey thing in the firewall

can somebody guide me wt to do ??

i googled alot but no luck

wish to help

urgent help with ASA 5505 !!! 4 years 10 months ago #38481

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1447
  • Karma: 8
  • Thank you received: 13
Welcome to
I've been trying to understand the exact problem you have, however the information you've provided is not enough, at least for me.

Am I correct when I say that LAN1 fails to obtain Internet access, where as LAN2 has Internet access without a problem?

If this is true then there are most probably two possibilities as to why this is happening:
1) LAN1 requestes are tunneled through the VPN to LAN2
2) You're missing something in your NAT or ACL statements on ASA (LAN1).

In order to help you, you should post your configurations (Change your public IP addresses) and please provide a clear description of your problem.

Many thanks.
Chris Partsenidis.
Founder & Editor-in-Chief
  • Page:
  • 1
Time to create page: 0.146 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup