ASA 5505: can't ping across VPN

Discussion in 'Cisco' started by barret bonden, Aug 21, 2008.

  1. The Cisco VPN client connects with the ASA 5505 and assigns me an IP as it
    should, but after that I can't ping any of the remote IPs on that LAN, much
    less do a drive mapping. I also can't browse a web page from my client PC
    after I connect.


    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DWbPIx6.y0JVaO7e encrypted
    passwd DWbPIx6.y0JVaO7e encrypted
    names
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address xx.xxx.xxx.xx 255.255.255.0
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list inside_nat0_outbound extended permit ip any 192.168.0.160 255.255.255.240
    access-list inside_nat0_outbound extended permit ip any 192.168.1.160 255.255.255.240
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool pmonica 192.168.1.160-192.168.1.170 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 71.249.135.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs group1
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    !
    dhcpd address 192.168.1.100-192.168.1.149 inside
    dhcpd enable inside
    !

    group-policy tmonica internal
    group-policy tmonica attributes
    wins-server value 192.168.1.10
    dns-server value xx.xx.161.12
    vpn-tunnel-protocol IPSec
    username monica password Wl4I2obo2cOmbkKh encrypted privilege 0
    username monica attributes
    vpn-group-policy tmonica
    username arthur password hbSd69.iUWF6UyYi encrypted privilege 0
    username arthur attributes
    vpn-group-policy tmonica
    username user4 password iCO1esaWA4hW04A5 encrypted privilege 0
    username user4 attributes
    vpn-group-policy tmonica
    username user1 password tJsDL6po9m1UFs.h encrypted privilege 0
    username user1 attributes
    vpn-group-policy tmonica
    username user3 password cmIVqIrgboX9/Nz/ encrypted privilege 0
    username user3 attributes
    vpn-group-policy tmonica
    username user2 password G1SInyx0A0./Dx3t encrypted privilege 0
    username user2 attributes
    vpn-group-policy tmonica
    tunnel-group tmonica type ipsec-ra
    tunnel-group tmonica general-attributes
    address-pool pmonica
    default-group-policy tmonica
    tunnel-group tmonica ipsec-attributes
    pre-shared-key *
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:1dcfd68a5d2cabf4f59365dc730ea030
    : end
    barret bonden, Aug 21, 2008
    #1
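
An added example, not part of the original post and not Cisco tooling: a small Python check that reads the address-related lines of the configuration posted above and reports how the VPN pool, the inside subnet and the NAT-exemption ACL relate, and whether the group policy sets a split-tunnel policy. The `audit` function and the trimmed `CONFIG` sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the address-related lines of the configuration posted above.
CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.0.160 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 192.168.1.160 255.255.255.240
ip local pool pmonica 192.168.1.160-192.168.1.170 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy tmonica attributes
 vpn-tunnel-protocol IPSec
"""

def audit(config):
    """Return address relationships relevant to remote-access VPN reachability."""
    # Inside network: the 'ip address' line that follows 'nameif inside'.
    m = re.search(r"nameif inside\n(?:.*\n)*?\s*ip address (\S+) (\S+)", config)
    inside = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    # First and last address handed out to VPN clients.
    m = re.search(r"ip local pool \S+ (\S+)-(\S+)", config)
    first, last = map(ipaddress.ip_address, m.groups())
    # ACL bound to 'nat (inside) 0' (NAT exemption) and its destination networks.
    acl = re.search(r"nat \(inside\) 0 access-list (\S+)", config).group(1)
    pattern = rf"access-list {re.escape(acl)} extended permit ip any (\S+) (\S+)"
    dests = [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
             for addr, mask in re.findall(pattern, config)]
    covering = [d for d in dests if first in d and last in d]
    return {
        "inside": str(inside),
        "pool_inside_lan": first in inside and last in inside,
        "nat0_covers_pool": [str(d) for d in covering],
        "nat0_unused": [str(d) for d in dests if d not in covering],
        "split_tunnel_set": "split-tunnel-policy" in config,
    }

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(f"{key}: {value}")
```

On the posted configuration this reports that the client pool sits inside the inside subnet 192.168.1.0/24, that one NAT-exemption entry covers the pool while the 192.168.0.160/28 entry matches no pool, and that no split-tunnel policy is set, so the ASA default of tunnelling all client traffic applies.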

  2. The ping began to work (after I ran a remote ASDM session (not that that
    should have mattered)); I then could not map a drive. I then set up a WINS
    server on the remote LAN and set up DNS for the ASA to serve out to me
    remotely. It changed nothing; I would get:

    System error 53 has occurred.
    The network path was not found.

    I then tried from another machine with V5 of the VPN client; that
    worked, but when I tried with a V5 client from another computer I would
    again get error 53.

    Not a lot of fun.


    barret bonden, Aug 23, 2008
    #2