Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA 5510 - Cannot connect to a remote site via cisco VPN.

Status
Not open for further replies.

YvesS

Technical User
Oct 30, 2014
2
CA
Hello.
I am trying to configure my vpn on a ASA5510. All is working fine except when I need to connect to a customer's secure site.

From home, I connect to the office's VPN using Cisco VPN Client 5.0.07.0440.
Once connected, I open my Browser, address and get my customer's page mentioning I 'm not authorized.

When I.m at the office (not connected VPN), it connects fine.

I think that my problem is when connected VPN, my IP address (source address) that the customer sees is the one from home, not the office.
The site myipadress.com confirmed it.

Q. Is there a way, when connected VPN, to have an IP (source address) as if I am at the office?
I think it has to do with the split tunnelling configuration but tried without success.

Thanks in advance.
 
when you are at home..and connected:

ipconfig /all

route print

see if you actually get an IP address that is correct for your VPN
see if you get a route to your customer that is through the VPN .


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Looks like your customer verifies the source IP address. Making your VPN non-split tunnel should address the issue. I would make a separate VPN connection for that, as all your traffic will be going through the office.
 
Thanks guys for your replies.

What I did to resolve my problem was to create a vpn tunnel supplied with Windows 7 and uninstalled the Cisco client.

Here is a link for the How to:

Now, when I go to the site WhatismyIP.com, I do have the IP of the Offices' Internet Address and not of my home Internet provider.
(this is the address that the customer's site is validating, not the address that the dos command IPCONFIG /all returned.)

Thanks agains.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top