VPN from my PC to work through ASA

Hi,

I have the following:

PC host (81.2.105.214) with Cisco VPN client | ASA appliance | Router | Internet | Cisco Pix at work.

I am trying to connect remotely via VPN to this Cisco Pix, however, I think the ASA is not allowing this. I can see IP addresses in the ASA logs for machines inside the VPN at work, and although I am connecting, I can't connect to any host. I am not using any form of NAT on the firewall or router.

Here is my config:

ASA Version 8.0(2)
!
hostname pippin
domain-name hodgsonfamily.org
enable password removed
names
name 81.2.105.210 gollum
name 81.2.105.211 frodo
name 81.2.105.212 elrond
name 81.2.105.213 aragorn
name 81.2.105.214 pc01
name 81.187.84.5 merry
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 81.2.105.209 255.255.255.240
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 81.187.84.6 255.255.255.252
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd removed
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server elrond
 domain-name hodgsonfamily.org
access-list outside_access_in extended permit tcp any host gollum eq smtp
access-list outside_access_in extended permit tcp any host elrond eq domain
access-list outside_access_in extended permit udp any host elrond eq domain
access-list outside_access_in extended permit tcp any host elrond eq www
access-list outside_access_in extended permit tcp any host elrond eq https
access-list outside_access_in extended permit tcp any host pc01 eq 13334
access-list outside_access_in extended permit udp host merry host pc01 eq tftp
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
static (inside,outside) tcp elrond domain elrond 5353 netmask 255.255.255.255
static (inside,outside) udp elrond domain elrond 5353 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 merry 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 81.2.105.208 255.255.255.240 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ca trustpoint pippin.hodgsonfamily.org
 enrollment self
 crl configure
no crypto isakmp nat-traversal
telnet timeout 5
ssh 81.2.105.208 255.255.255.240 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
ntp server elrond prefer
username admin password removed
prompt hostname context
Cryptochecksum:763b357e03425455d7638f02857526f3
: end

Reply to
Andrew Hodgson

It's not the ASA, it's the Pix. On the Pix do the command "isakmp nat-traversal 20", it will allow the VPN connections in from behind a NAT/PAT device.

Reply to
Brian V
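As an added example (not code from either poster), here is a small Python audit that rebuilds the extraction-flattened ASA config from the first post into one statement per line and reports the IPsec-related settings this thread turns on: whether `isakmp nat-traversal` is explicitly disabled, whether `ipsec-pass-thru` inspection is in the service policy, and which outside ACL entries would permit IKE, NAT-T or ESP inbound. The config excerpt is a constructed, trimmed copy of what was posted; the keyword list covers only the statements the audit looks at.

```python
import re
from typing import List, Optional

# Constructed excerpt of the flattened ASA config posted in this thread, kept to the
# statements the audit inspects (the full config is in the first post).
FLAT_CONFIG = (
    "hostname pippin domain-name hodgsonfamily.org "
    "name 81.2.105.214 pc01 name 81.187.84.5 merry "
    "access-list outside_access_in extended permit tcp any host pc01 eq 13334 "
    "access-list outside_access_in extended permit udp host merry host pc01 eq tftp "
    "access-group outside_access_in in interface outside "
    "crypto ca trustpoint pippin.hodgsonfamily.org enrollment self crl configure "
    "no crypto isakmp nat-traversal "
    "policy-map global_policy class inspection_default inspect dns preset_dns_map "
    "inspect ftp inspect icmp service-policy global_policy global"
)

# Top-level keywords at which a new statement begins. A leading "no" stays attached
# to the statement it negates thanks to the lookbehind in split_statements().
KEYWORDS = ["hostname", "domain-name", "name", "access-list", "access-group",
            "crypto", "no", "policy-map", "class", "inspect", "service-policy"]

def split_statements(flat: str) -> List[str]:
    """Rebuild one-statement-per-line form from run-together config text."""
    alt = "|".join(re.escape(k) for k in KEYWORDS)
    pattern = rf"(?<!\bno)\s+(?=(?:{alt})(?:\s|$))"
    return [s for s in re.split(pattern, flat.strip()) if s]

def nat_traversal_enabled(statements: List[str]) -> Optional[bool]:
    """True/False when the config states it explicitly, None when it is silent."""
    for s in statements:
        if s == "no crypto isakmp nat-traversal":
            return False
        if s.startswith("crypto isakmp nat-traversal"):
            return True
    return None

def ipsec_passthru_inspected(statements: List[str]) -> bool:
    return any(s.startswith("inspect ipsec-pass-thru") for s in statements)

def inbound_vpn_rules(statements: List[str], acl: str) -> List[str]:
    """ACL entries permitting IKE (udp/500), NAT-T (udp/4500) or ESP inbound."""
    wanted = re.compile(r"\b(eq (isakmp|500|4500)|permit esp)\b")
    return [s for s in statements
            if s.startswith(f"access-list {acl} ") and wanted.search(s)]

def audit(flat: str) -> dict:
    st = split_statements(flat)
    return {"statements": len(st),
            "nat_traversal": nat_traversal_enabled(st),
            "ipsec_passthru": ipsec_passthru_inspected(st),
            "inbound_vpn_rules": inbound_vpn_rules(st, "outside_access_in")}

if __name__ == "__main__":
    for key, value in audit(FLAT_CONFIG).items():
        print(f"{key}: {value}")
```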

Thanks for this. If someone can access the VPN from behind a Netgear home router, would this discount this theory? I don't have any access to this device, so will speak to the firewall support on Monday. I was sure it was my device that was causing the trouble.

Andrew.

Reply to
Andrew Hodgson

From behind some devices they will be able to connect, behind others they won't.

Reply to
Brian V

No problem. I wrote to the firewall guys for Monday, they probably won't be that impressed with me :(. I got round the problem by connecting a laptop to the outside IP address, there was only a Cisco router between me and the Internet, again with NAT turned off, and it went through fine. Not happy about that as a long term solution, however, as our home office is disconnected from the Internet, not to mention I am connected without a real firewall! At least that isolates the issue to either my ASA or the Pix configuration, not my machine, which was being blamed a couple of days ago.

Andrew.

Reply to
Andrew Hodgson

I spoke to the firewall guy today and he didn't like our ASA configuration, he said that I should be using the NAT, so I won't be able to connect to the VPN, as I am not redoing the IP addressing as I have a lot of re-configuration work to do :(.

Needless to say the configuration change at the Pix won't be applied :(

Thanks. Andrew.

Reply to
Andrew Hodgson

You will never be able to connect from behind your ASA nor will any other user from behind a "real" firewall unless they add the nat-traversal command. That is a standard command added to practically all VPN setups.

Reply to
Brian V
