VPN IPSec Client connectivity to ASA5510

MIBS, SMMPv1, SMMPv2, SMMPv3 and management
Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 3:56 am


Keyword "any" is not supported in split tunnel ACL. Put specific networks, and you should be good to go.

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 4:11 am


Understood.  I removed all references to ACL_Tunnel_1 and _2 that had any and left in place _3 which defined the subnets.I can connect to the VPN from my home account and do receive an IP of 192.168.111.2.I am now able to connect, but it takes about a minute or two for the connection to get established.So, I am nearly there.  Just wondering why it is taking so long.  Perhaps it is my home connection?Anyways, I will keep debugging, but it looks like I am nearly there. Thanks.

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 4:43 am


Well just make sure the desired ISAKMP policy on your firewall is at the top. This will decrease the negotiation time for Phase 1. Also make sure there is no fragmentation (MTU issues). RegardsFarrukh

Post Reply