ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated

Discussion in 'Cisco' started by bjorn@kumlait.se, Jun 16, 2007.

  1. Guest

    Hi!

    We have been using a PIX 501 for a couple of years now to access a
    local network with Cisco VPN software client. However, we now need
    access from another site with multiple users, so I decided to buy two
    ASA 5505 UL bundles to do the job. First I tried to just hook up the
    new ASA at the remote site and connect to the PIX 501 with Easy VPN.
    It went fine. I configured the new ASA right from the box with the old
    VPN profile settings and it worked right away. But as we also need the
    remote site to be accessed from the main site (PIX side), I tried to
    enable "network extension mode", but then the tunnel didn't work
    anymore. It connects but no traffic is coming through. I set it back
    to normal mode (only client) and it worked again.

    Is there anything else I need to do to be able to use network
    extension mode than just enabling it in ASDM?

    The same thing happens when using two ASA 5505 the same way.

    Software versions are:

    PIX: 6.3

    ASA 5505: 7.2.1 (used to be 7.2.2 but I had to downgrade because of a
    bug in 7.2.2 - vpnclient fails after reboot)

    Thanks,

    Bjorn
    , Jun 16, 2007
    #1

  2. Guest

    On 16 June, 14:21, wrote:
    > Hi!
    >
    > We have been using a PIX 501 for a couple of years now to access a
    > local network with Cisco VPN software client. However, we now need
    > access from another site with multiple users, so I decided to buy two
    > ASA 5505 UL bundles to do the job. First I tried to just hook up the
    > new ASA at the remote site and connect to the PIX 501 with Easy VPN.
    > It went fine. I configured the new ASA right from the box with the old
    > VPN profile settings and it worked right away. But as we also need the
    > remote site to be accessed from the main site (PIX side), I tried to
    > enable "network extension mode", but then the tunnel didn't work
    > anymore. It connects but no traffic is coming through. I set it back
    > to normal mode (only client) and it worked again.
    >
    > Is there anything else I need to do to be able to use network
    > extension mode than just enabling it in ASDM?
    >
    > The same thing happens when using two ASA 5505 the same way.
    >
    > Software versions are:
    >
    > PIX: 6.3
    >
    > ASA 5505: 7.2.1 (used to be 7.2.2 but I had to downgrade because of a
    > bug in 7.2.2 - vpnclient fails after reboot)
    >
    > Thanks,
    >
    > Bjorn


    Sorry for sending a reply to my own post, but here's an update:

    According to the log, here's what happens when pinging the remote IP
    192.168.1.201 using only "client mode":

    6 Jun 17 2007 05:23:05 302020 192.168.1.201 192.168.10.2 Built ICMP
    connection for faddr 192.168.1.201/0 gaddr 192.168.1.6/2 laddr
    192.168.10.2/512

    And here's what happens when pinging the remote IP 192.168.1.201 using
    network extension mode:

    302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr
    192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512faddr
    192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512

    It seems as if the network extension mode does not set the correct
    gateway (in this case 192.168.1.6, which is the IP the VPN client gets
    from the PIX VPN pool).

    Any ideas?

    Another bug?

    Thanks,

    Bjorn
    , Jun 17, 2007
    #2
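
Added example (not part of the original posts): a small Python parser for the two 302020 log entries quoted above, reporting whether the inside host's address was translated (gaddr differs from laddr, as in the client-mode entry) or left the ASA with its real address (gaddr equals laddr, as in the network-extension-mode entry). The function names are made up for this illustration; the sample text is copied from the post, line wrapping and repeated tail included.

```python
import re

# Log text copied from the post above, wrapped lines and repeated tail included.
SAMPLE_LOG = """\
6 Jun 17 2007 05:23:05 302020 192.168.1.201 192.168.10.2 Built ICMP
connection for faddr 192.168.1.201/0 gaddr 192.168.1.6/2 laddr
192.168.10.2/512
302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr
192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512faddr
192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512
"""

# 302020 = "Built ICMP connection"; newer releases add "inbound"/"outbound".
ICMP_BUILT = re.compile(
    r"\b302020\b.*?Built (?:inbound |outbound )?ICMP connection for "
    r"faddr (?P<faddr>\d+(?:\.\d+){3})/(?P<fid>\d+) "
    r"gaddr (?P<gaddr>\d+(?:\.\d+){3})/(?P<gid>\d+) "
    r"laddr (?P<laddr>\d+(?:\.\d+){3})/(?P<lid>\d+)"
)


def parse_icmp_built(log_text):
    """Return one dict per 302020 entry, tolerating hard-wrapped lines."""
    flat = " ".join(log_text.split())  # undo mail/forum line wrapping
    records = []
    for m in ICMP_BUILT.finditer(flat):
        rec = m.groupdict()
        # The peer sees gaddr as the source; laddr is the real inside host.
        rec["translated"] = rec["gaddr"] != rec["laddr"]
        records.append(rec)
    return records


def describe(rec):
    """One-line summary of how the inside host appears on the outside."""
    if rec["translated"]:
        return (f"{rec['laddr']} -> {rec['faddr']}: translated to "
                f"{rec['gaddr']} (ICMP id {rec['lid']} -> {rec['gid']})")
    return (f"{rec['laddr']} -> {rec['faddr']}: not translated, "
            f"leaves with its real address")


if __name__ == "__main__":
    for record in parse_icmp_built(SAMPLE_LOG):
        print(describe(record))
```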