Given an IPSec VPN remote access scenario, Why doesn't a server in the corporate site send replies to the remote access VPN user?

Question

An IPSec remote access client has initiated a VPN connection to a Cisco ASA successfully. However, when the remote user tried to ping a server in the corporate site, the user didn't get any response. Note that the server can send replies successfully internally and to other WAN sites.

abdallahi Eminou · Answer

please check gre protocol does it allow by ASP

Von Fritz Besa · Answer

yes, if a system has a remote access capability to be able to control it through a pc or mobile with an internet access

mahfoudh haji · Answer

Yes, in the world of new technology this issue is quit simple.

Rami Haddad · Answer

This can be related to many issues:

1-check NAT exempt configuration.

2- if splite tunnel is configured is the server IP in the splite tunnel configuration.

3-server or any layer three devices in the path (between the fire LAN interface and the server) should know a route the VPN clients pool

you can verify this simply using capture on the ASA LAN interface

4-access-group applied on the LAN interface or devices in the path.

5-Check ASP captures on the ASA during the test, is there any drops related to traffic between VPN client IP and server IP.

hope this helps.

Best regards,

Rami Haddad

CCIE security #35629

Produits Par Bayt.com

Utilisez l'Appli de Bayt.com

Communiquez avec les autres et partagez vos connaissances professionnelles

Given an IPSec VPN remote access scenario, Why doesn't a server in the corporate site send replies to the remote access VPN user?

Recherches Populaires

More Questions Like This