Given an IPSec VPN remote access scenario, why doesn't a server in the corporate site send replies to the remote access VPN user?

An IPSec remote access client has initiated a VPN connection to a Cisco ASA successfully. However, when the remote user tried to ping a server in the corporate site, the user didn't get any response. Note that the server can send replies successfully internally and to other WAN sites.

Question added by Ahmad Yassein, Infrastructure Network Manager, Ministry of International Cooperation (MIC)
Date posted: 2014/01/08

abdallahi Eminou
by abdallahi Eminou, IT Technician, Kinross Gold Corporation

Please check the GRE protocol: is it allowed by ASP?

Von Fritz Besa
by Von Fritz Besa, team leader, S H Construction Wll

Yes, if a system has a remote access capability to be able to control it through a PC or mobile with internet access.

mahfoudh haji
by mahfoudh haji, Team Leader/Supervisor, ZACCA ENVIRONMENTAL CLUB

Yes, in the world of new technology this issue is quite simple.

Rami Haddad
by Rami Haddad, IT Security Professional - Advance, Injazat Data Systems

This can be related to many issues:

1- Check the NAT exempt configuration.

2- If split tunnel is configured, is the server IP in the split tunnel configuration?

3- The server or any layer three devices in the path (between the firewall LAN interface and the server) should know a route to the VPN client pool.

You can verify this simply using a capture on the ASA LAN interface.

4- Access-group applied on the LAN interface or on devices in the path.

5- Check ASP captures on the ASA during the test: are there any drops related to traffic between the VPN client IP and the server IP?

 

Hope this helps.

 

Best regards,

Rami Haddad

CCIE security #35629
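
The five checks in the answer above, written out as ASA CLI (8.3+ NAT syntax); this is an added example, not part of the original post. All names and addresses are assumptions: interfaces `inside`/`outside`, VPN pool 192.168.50.0/24, client 192.168.50.10, server 10.10.20.5, corporate LAN 10.10.0.0/16, and the object, ACL, capture and group-policy names.

```cisco
! Constructed lab values; replace with your own. "show" and "capture"
! commands are exec-level, the rest are entered in configuration mode.

! 1- NAT exemption: LAN-to-pool traffic must bypass translation.
object network CORP-LAN
 subnet 10.10.0.0 255.255.0.0
object network VPN-POOL
 subnet 192.168.50.0 255.255.255.0
nat (inside,outside) source static CORP-LAN CORP-LAN destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup
show nat detail

! 2- Split tunnel: the server's subnet must be in the tunnelled list.
access-list SPLIT-TUNNEL standard permit 10.10.0.0 255.255.0.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
show running-config group-policy RA-POLICY

! 3- Return route: capture on the LAN interface while the client pings.
!    The match is bidirectional, so both request and reply are recorded.
capture CAP-IN interface inside match icmp host 192.168.50.10 host 10.10.20.5
show capture CAP-IN
!    Echo requests leaving with no echo replies returning: the server or a
!    layer three device in the path has no route back to 192.168.50.0/24
!    (or is filtering the traffic).

! 4- Access-groups bound to interfaces, and ACL entries touching the pool.
show running-config access-group
show access-list | include 192.168.50

! 5- ASP drops: packets the ASA itself discarded, with the drop reason.
capture ASP-DROP type asp-drop all
show capture ASP-DROP | include 192.168.50.10
show asp drop

! Remove the captures when finished.
no capture CAP-IN
no capture ASP-DROP
```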