[vpn-help] Shrew / ASA problem passing traffic after tunnel enabled
John Walker
john at jsw4.net
Sun May 23 09:11:29 CDT 2010

I have used the instructions here
(http://www.shrew.net/support/wiki/HowtoCiscoAsa) to connect the shrew
client to an ASA. I attempt to connect using the client and it appears
to connect to the VPN gateway. The Shrew client shows me these messages:

    config loaded for site 'newmgmtvpn'
    configuring client settings ...
    ...
    bringing up tunnel ...
    network device configured
    tunnel enabled

However, I cannot access hosts inside the ASA as expected. From what I
can tell, it appears that traffic is not routing correctly to and from
the ASA via the tunnel. I think the problem is in the ASA configuration,
so I include the relevant portions (I think).

I hope someone can point out my error.

Thank you,
John

General:

    Shrew Client : 2.1.5
    OS: Windows 7
    ASA 5505 : ASA 7.2(4)
    Outside network : 192.168.99.0/24
    Inside network : 192.168.33.0/24
    VPNhostsubnet : (network-object) 192.167.66.0/24

    access-list NAT0VPN extended permit ip object-group VPNhostsubnet any
    access-list JSW4MNGMNT_splitTunnelAcl standard permit any
    ip local pool VPNhostpool 192.168.66.1-192.168.66.10 mask 255.255.255.0
    global (outside) 1 interface
    nat (inside) 0 access-list NAT0VPN
    nat (inside) 1 192.168.33.0 255.255.255.0
    nat (outside) 0 access-list NAT0VPN
    static (inside,outside) ...
    static (inside,outside) ...
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp nat-traversal 10
    group-policy JSW4MNGMNT internal
    group-policy JSW4MNGMNT attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value JSW4MNGMNT_splitTunnelAcl
    username john password [removed] encrypted privilege 0
    username john attributes
     vpn-group-policy JSW4MNGMNT
    tunnel-group JSW4MNGMNT type ipsec-ra
    tunnel-group JSW4MNGMNT general-attributes
     address-pool VPNhostpool
     default-group-policy JSW4MNGMNT
    tunnel-group JSW4MNGMNT ipsec-attributes
     pre-shared-key *
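
A consistency check over the values as posted, added here as an example and not part of the original message: it reports any "ip local pool" whose range lies outside the networks of the object-group referenced by a "nat 0" access-list. The "object-group network" stanza in the sample and all function names are assumptions; the post gives only a summary line for VPNhostsubnet.

```python
import ipaddress
import re

# Constructed sample: values copied from the post. The object-group is written
# in ASA syntax as an assumption (the post only summarises its contents).
SAMPLE_CONFIG = """\
object-group network VPNhostsubnet
 network-object 192.167.66.0 255.255.255.0
access-list NAT0VPN extended permit ip object-group VPNhostsubnet any
ip local pool VPNhostpool 192.168.66.1-192.168.66.10 mask 255.255.255.0
nat (inside) 0 access-list NAT0VPN
"""

def parse_object_groups(config):
    """Map each network object-group name to its list of IPv4 networks."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"object-group network (\S+)", line)
        member = re.match(r"\s+network-object (\d\S*) (\d\S*)", line)
        if head:
            current = groups.setdefault(head.group(1), [])
        elif member and current is not None:
            current.append(ipaddress.ip_network("/".join(member.groups())))
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the group
    return groups

def nat_exempt_groups(config):
    """Object-groups referenced by ACLs that are applied with 'nat (...) 0'."""
    acls = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    found = set()
    for name, rest in re.findall(r"^access-list (\S+) (.*)$", config, re.M):
        if name in acls:
            found.update(re.findall(r"object-group (\S+)", rest))
    return found

def uncovered_pools(config):
    """Names of address pools not inside any NAT-exempt object-group network."""
    groups = parse_object_groups(config)
    nets = [n for g in nat_exempt_groups(config) for n in groups.get(g, [])]
    missing = []
    for name, lo, hi in re.findall(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if not any(lo in n and hi in n for n in nets):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(uncovered_pools(SAMPLE_CONFIG))
```

Run against a full "show running-config" export, the same functions list every pool that the NAT-exempt object-groups do not contain.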