Cisco ASA 8.4 + Cisco VPN Client

Discussion in 'Cisco' started by Slava, Jan 21, 2012.

  1. Slava

    Slava Guest

    Please explain what I did wrong. I need to set up a remote connection;
    for those who do not know, much has changed in 8.4.
    This configuration is from the docs on cisco.com:

    hostname(config)# interface ethernet0
    hostname(config-if)# ip address 10.10.4.200 255.255.0.0
    hostname(config-if)# nameif outside
    hostname(config-if)# no shutdown
    hostname(config)# crypto ikev1 policy 1
    hostname(config-ikev1-policy)# authentication pre-share
    hostname(config-ikev1-policy)# encryption 3des
    hostname(config-ikev1-policy)# hash sha
    hostname(config-ikev1-policy)# group 2
    hostname(config-ikev1-policy)# lifetime 43200
    hostname(config)# crypto ikev1 enable outside
    hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
    hostname(config)# username testuser password 12345678
    hostname(config)# crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
    hostname(config)# tunnel-group testgroup type remote-access
    hostname(config)# tunnel-group testgroup general-attributes
    hostname(config-general)# address-pool testpool
    hostname(config)# tunnel-group testgroup ipsec-attributes
    hostname(config-ipsec)# ikev1 pre-shared-key 44kkaol59636jnfx
    hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet
    hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
    hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
    hostname(config)# crypto map mymap interface outside
    nat (inside,outside) source static any any destination static 192.168.0.0 192.168.0.0 route-lookup
    hostname(config)# write memory
    In this case, with this config, the client connects and is assigned an
    address from the pool, but cannot see local resources. Tell me, what is missing?
     
    Slava, Jan 21, 2012
    #1

  2. Slava

    jay.sh1989

    Change the NAT statement and make it more specific!

    object network obj_local
    subnet 10.10.0.0 255.255.0.0

    object network obj_remote
    subnet 192.168.0.0 255.255.255.0

    nat (inside,outside) source static obj_local obj_local destination static obj_remote obj_remote route-lookup

    Apply management-access inside and try to ping the inside IP (interfaces do not take part in NATing).

    If this doesn't work, run packet-tracer, which will show you the drop if there is any!

    packet-tracer input inside icmp 10.10.4.x (any inside IP) 8 0 192.168.0.x (connected client IP)
     
    jay.sh1989, Feb 10, 2012
    #2
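
An added example, not part of either post: a small Python check that reads the NAT-exemption lines of an ASA 8.4 config and reports whether the identity twice-NAT rule is tied to network objects that cover the VPN address pool. The two sample configs are constructed from the lines quoted in this thread (with obj_local written as the network address 10.10.0.0), and `check_nat_exempt` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed samples: the relevant lines of the two configs in this thread.
ORIGINAL = """\
ip local pool testpool 192.168.0.10-192.168.0.15
nat (inside,outside) source static any any destination static 192.168.0.0 192.168.0.0 route-lookup
"""
SUGGESTED = """\
ip local pool testpool 192.168.0.10-192.168.0.15
object network obj_local
 subnet 10.10.0.0 255.255.0.0
object network obj_remote
 subnet 192.168.0.0 255.255.255.0
nat (inside,outside) source static obj_local obj_local destination static obj_remote obj_remote route-lookup
"""

def check_nat_exempt(config):
    """Return findings about the VPN-pool NAT exemption (empty list = OK)."""
    findings, objects = [], {}
    for name, addr, mask in re.findall(
            r"^object network (\S+)\n\s*subnet (\S+) (\S+)", config, re.M):
        try:  # strict parsing rejects an address with host bits set
            objects[name] = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError:
            findings.append(f"object {name}: {addr} {mask} is not a network address")
    pool = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    rule = re.search(r"^nat \(\S+\) source static (\S+) (\S+) "
                     r"destination static (\S+) (\S+)", config, re.M)
    if not pool or not rule:
        return findings + ["no address pool or no twice-NAT exemption rule found"]
    src, src_mapped, dst, dst_mapped = rule.groups()
    if src != src_mapped or dst != dst_mapped:
        findings.append("rule is not an identity NAT (real and mapped differ)")
    if src == "any":
        findings.append("source is 'any': exemption is not limited to the inside network")
    if dst not in objects:
        findings.append(f"destination '{dst}' is not a network object in this config")
    else:
        first, last = (ipaddress.ip_address(a) for a in pool.groups())
        if first not in objects[dst] or last not in objects[dst]:
            findings.append(f"pool {first}-{last} is outside {objects[dst]}")
    return findings
```

Run it against the output of `show running-config` saved to a file; an empty list means the exemption rule names defined objects and the destination object contains the whole pool.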