cisco asa 8.4 + cisco vpn client

Discussion in 'Cisco' started by Slava, Jan 21, 2012.

  1. Slava

    Slava Guest

    Please explain what I did wrong. I need to set up a remote connection;
    for those who do not know, much has changed in 8.4.
    This configuration is from the docs on the cisco.com site:

    hostname(config)# interface ethernet0
    hostname(config-if)# ip address 10.10.4.200 255.255.0.0
    hostname(config-if)# nameif outside
    hostname(config-if)# no shutdown
    hostname(config)# crypto ikev1 policy 1
    hostname(config-ikev1-policy)# authentication pre-share
    hostname(config-ikev1-policy)# encryption 3des
    hostname(config-ikev1-policy)# hash sha
    hostname(config-ikev1-policy)# group 2
    hostname(config-ikev1-policy)# lifetime 43200
    hostname(config)# crypto ikev1 enable outside
    hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
    hostname(config)# username testuser password 12345678
    hostname(config)# crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
    hostname(config)# tunnel-group testgroup type remote-access
    hostname(config)# tunnel-group testgroup general-attributes
    hostname(config-general)# address-pool testpool
    hostname(config)# tunnel-group testgroup ipsec-attributes
    hostname(config-ipsec)# ikev1 pre-shared-key 44kkaol59636jnfx
    hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet
    hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
    hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
    hostname(config)# crypto map mymap interface outside
    nat (inside,outside) source static any any destination static 192.168.0.0 192.168.0.0 route-lookup
    hostname(config)# write memory
    With this config the client connects and is assigned an address from the
    pool, but it cannot see local resources. Tell me, what is missing?
     
    Slava, Jan 21, 2012
    #1

  2. Slava

    jay.sh1989

    Change the NAT statement and make it more specific!

    object network obj_local
    subnet 10.10.0.0 255.255.0.0

    object network obj_remote
    subnet 192.168.0.0 255.255.255.0

    nat (inside,outside) source static obj_local obj_local destination static obj_remote obj_remote route-lookup

    Apply management-access inside and try to ping the inside IP (interfaces do not take part in NATting).

    If this doesn't work, run packet-tracer, which will show you the drop if there is any!

    packet-tracer input inside icmp 10.10.4.x (any inside IP) 8 0 192.168.0.x (connected client IP)
     
    jay.sh1989, Feb 10, 2012
    #2
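
An offline check for the kind of rule suggested in the reply above, as an added example that is not part of either post: it reads a saved ASA configuration and lists the `ip local pool` ranges that no identity twice-NAT rule covers through a defined destination object. The sample config is constructed, the function names are hypothetical, and rule ordering and `any` sources are not modelled.

```python
import ipaddress
import re

# Constructed sample (not from a real device): the pool from the thread plus
# object-based identity NAT of the kind suggested in the reply.
SAMPLE = """\
ip local pool testpool 192.168.0.10-192.168.0.15
object network obj_local
 subnet 10.10.0.0 255.255.0.0
object network obj_remote
 subnet 192.168.0.0 255.255.255.0
nat (inside,outside) source static obj_local obj_local destination static obj_remote obj_remote route-lookup
"""

NAT_RE = re.compile(r"^nat \(\S+?,\S+?\) source static (\S+) (\S+) "
                    r"destination static (\S+) (\S+)", re.M)

def parse_objects(cfg):
    """Map object name -> network for 'object network' blocks that hold a subnet."""
    objs, name = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"object network (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+subnet (\S+) (\S+)", line)) and name:
            objs[name] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif not line.startswith(" "):
            name = None  # left the object block
    return objs

def parse_pools(cfg):
    """Map pool name -> (first, last) address of each 'ip local pool' range."""
    return {m.group(1): (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
            for m in re.finditer(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", cfg, re.M)}

def uncovered_pools(cfg):
    """Pools with no identity twice-NAT rule whose destination object holds the whole range."""
    objs, pools, covered = parse_objects(cfg), parse_pools(cfg), set()
    for src, src_mapped, dst, dst_mapped in NAT_RE.findall(cfg):
        net = objs.get(dst)
        if src != src_mapped or dst != dst_mapped or net is None:
            continue  # not identity NAT, or destination is not a defined object
        covered |= {n for n, (lo, hi) in pools.items() if lo in net and hi in net}
    return sorted(set(pools) - covered)

if __name__ == "__main__":
    print(uncovered_pools(SAMPLE))
```

An empty list means every pool range sits inside the destination object of some identity NAT rule; it does not prove the rule is matched first on the device, which is what packet-tracer shows.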