Cisco ASA 5510 VPN connects but cannot access inside resources
I have spent an entire night trying to figure this out.
I was deploying a newer ASA 5510 v7.2(2) on my network to replace my old ASA 5510 v7.0(6). So I thought it was gonna be straightforward. Copied all the settings and plugged the thing in.
Everything looks set at first, although I noticed that the new ASDM shows the Access Rules a little differently now. When adding/changing rules, you don't get to choose the Interface anymore on both the source and destination. Checked the access-lists on CLI and they are the same commands, so I thought it didn't matter.
I got things live, did a few tests, then packed my bag and went home.
When I tried connecting back to the office to check on some server, that's when I realized VPN is not working.
Using Cisco VPN client 5.0.07.0290, I can connect to the network but I cannot access any of the hosts behind the firewall. I went through the config of both firewalls line by line and they seem to match. But why is my VPN dropping my packets?
This guide from Cisco helped fix the problem - ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example
I did remember that Split Tunneling never worked on my old ASA. However, it was working fine on my new config, but I have no access on the LAN. So following the above allowed me to access my inside with Split Tunnel working as intended.