On 16 Juni, 14:21, b...@kumlait.se wrote:
> Hi!
>
> We have been using a PIX 501 for a couple of years now to access a
> local network with Cisco VPN software client. However we now need
> access from another site with multiple users so I decided to buy two
> ASA 5505 UL bundle to do the job. First i tried to just hook up the
> new ASA at the remote site and connect to the PIX 501 with easy vpn.
> In went fine. I configured the new ASA right from the box with the old
> vpn profile settings and it worked right away. But as we also need the
> remote site to be accessed from the main site (PIX side) i tried to
> enable "network extension mode" but then the tunnel didnt work
> anymore. it connects but no traffic is coming through. I set it back
> to normal mode (only client) and it worked again.
>
> Is there anything else I need to do to be able to use network
> extension mode than just enabling it in ASDM ?
>
> The samt thing happens when using two ASA 5505 the same way.
>
> Software versions are:
>
> PIX: 6.3
>
> ASA 5505: 7.2.1 (used to be 7.2.2 but I had to downgrade because of a
> bug in 7.2.2 - vpnclient fails after reboot)
>
> Thanks,
>
> Bjorn
Sorry for sending a reply to my own post but heres an update:
According to the log heres what happens when pinging the remote ip
192.168.1.201 using only "client mode":
6 Jun 17 2007 05:23:05 302020 192.168.1.201 192.168.10.2 Built ICMP
connection for faddr 192.168.1.201/0 gaddr 192.168.1.6/2 laddr
192.168.10.2/512
And heres what happens when pinging the remote ip 192.168.1.201 using
network extension mode:
302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr
192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512faddr
192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512
It seemes as the network extension mode does not set the correct
gateway (this case 192.168.1.6 which is the IP the vpn client get from
the PIX vpn pool).
Any ideas ?
Another bug ?
Thanks,
Bjorn
|
Similar Threads
