Given an IPSec VPN remote access scenario, why doesn't a server in the corporate site send replies to the remote access VPN user?

An IPSec remote access client has initiated a VPN connection to a Cisco ASA successfully. However, when the remote user tried to ping a server in the corporate site, the user didn't get any response. Note that the server can send replies successfully internally and to other WAN sites.

Question added by Ahmad Yassein, Infrastructure Network Manager, Ministry of International Cooperation (MIC)
Date published: 2014/01/08

by abdallahi Eminou, IT Technician, Kinross Gold Corporation

Please check whether the GRE protocol is allowed by ASP.

by Von Fritz Besa, team leader, S H Construction Wll

Yes, if a system has a remote access capability to be able to control it through a PC or mobile with internet access.

by mahfoudh haji, Team Leader/Supervisor, ZACCA ENVIRONMENTAL CLUB

Yes, in the world of new technology this issue is quite simple.

by Rami Haddad, IT Security Professional - Advance, Injazat Data Systems

This can be related to many issues:

1- Check the NAT exempt configuration.

2- If split tunnel is configured, is the server IP in the split tunnel configuration?

3- The server or any layer-three devices in the path (between the fire LAN interface and the server) should know a route to the VPN clients pool.

You can verify this simply using a capture on the ASA LAN interface.

4- Access-group applied on the LAN interface or devices in the path.

5- Check ASP captures on the ASA during the test: are there any drops related to traffic between the VPN client IP and the server IP?

Hope this helps.

Best regards,

Rami Haddad

CCIE security #35629
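
The five checks in the answer above, written out as ASA CLI commands. This is an added example, not part of the original answer. The interface names `inside`/`outside`, the object and capture names, and all addresses (VPN pool 10.99.0.0/24, client 10.99.0.10, server 10.1.1.50, inside network 10.1.0.0/16) are constructed assumptions, and the NAT rule uses ASA 8.3+ syntax.

```cisco
! Constructed values: pool 10.99.0.0/24, client 10.99.0.10, server 10.1.1.50

! 1- NAT exemption: look for an identity (twice-NAT) rule from the inside
!    network to the VPN pool, and check its hit counters.
show running-config nat
show nat detail
! Example exemption rule (config mode), if none exists:
object network OBJ-INSIDE
 subnet 10.1.0.0 255.255.0.0
object network OBJ-VPN-POOL
 subnet 10.99.0.0 255.255.255.0
nat (inside,outside) source static OBJ-INSIDE OBJ-INSIDE destination static OBJ-VPN-POOL OBJ-VPN-POOL no-proxy-arp route-lookup

! 2- Split tunnel: the ACL named by split-tunnel-network-list in the
!    group-policy must include the server's network.
show running-config group-policy
show running-config access-list

! 3- Routing toward the pool: capture on the LAN interface during the ping.
!    Echo requests leaving with no echo replies coming back means the server
!    or a layer-3 hop has no route to 10.99.0.0/24 via the ASA.
capture CAP-IN interface inside match icmp host 10.99.0.10 host 10.1.1.50
show capture CAP-IN
show route

! 4- Access-groups: list what is bound to the LAN interface, then simulate
!    server-to-client traffic to see which phase (ACL, NAT, VPN) drops it.
show running-config access-group
packet-tracer input inside icmp 10.1.1.50 8 0 10.99.0.10 detailed

! 5- ASP drops: capture accelerated-security-path drops during the test.
capture CAP-ASP type asp-drop all
show capture CAP-ASP | include 10.99.0.10
show asp drop

! Remove the captures when finished.
no capture CAP-IN
no capture CAP-ASP
```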