Hilfe ASA/PIX VPN Problem

[makana 10]

Hi ich hoffe Ihr könnt mir weiterhelfen, ich hab auf einer ASA 7.2 einen site to site VPN und einen Remote Access VPn gebaut beide funzen ganz gut aber leider nicht zusammen. sobald der Site to Site tunnel steht geht die Remoteeinwahl via VPN Client nicht mehr kann mir jemand einen tipp geben wie ich beide zusammen betreiben kann. denn wenn der Site to Site nicht on ist geht der VPN Remote Access wieder.

Ich danke im voraus schon mal

 

Gruß Makana

[Wordo 11]

Config posten waere nicht schlecht :)

[makana 10]

ASA Version 7.2(2)

!

hostname asa

domain-name altroconsult.de

enable password 8Ry2YjIyt7RRXU24 encrypted

names

name 192.168.1.2 CLIENT

name 192.168.1.0 KUNDEN_LAN

name 192.168.200.0 VPN_POOL

dns-guard

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan11

nameif outside

security-level 0

pppoe client vpdn group test

ip address pppoe setroute

!

interface Ethernet0/0

switchport access vlan 11

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

dns domain-lookup outside

dns server-group DefaultDNS

domain-name altroconsult.de

access-list inside_nat0_outbound extended permit ip any VPN_POOL 255.255.255.248

access-list inside_access_in extended permit icmp host VPN_POOL any echo-reply

access-list inside_access_in extended permit ip host VPN_POOL any

access-list inside_access_in extended permit ip host CLIENT any

access-list inside_access_in extended permit icmp host CLIENT any echo-reply

access-list inside_access_in extended permit icmp host CLIENT any echo

access-list inside_access_in extended permit ip any any

access-list outside_cryptomap_65535.20 extended permit icmp any any echo

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool VPN_POOL 192.168.200.1-192.168.200.255 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

access-group inside_access_in in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

group-policy test internal

group-policy test attributes

vpn-tunnel-protocol IPSec

group-policy DfltGrpPolicy attributes

banner none

wins-server none

dns-server none

dhcp-network-scope none

vpn-access-hours none

vpn-simultaneous-logins 3

vpn-idle-timeout 30

vpn-session-timeout none

vpn-filter none

vpn-tunnel-protocol IPSec l2tp-ipsec webvpn

password-storage disable

ip-comp disable

re-xauth disable

group-lock value test

pfs enable

ipsec-udp disable

ipsec-udp-port 10000

split-tunnel-policy tunnelall

split-tunnel-network-list none

default-domain none

split-dns none

intercept-dhcp 255.255.255.255 disable

secure-unit-authentication disable

user-authentication disable

user-authentication-idle-timeout 30

ip-phone-bypass disable

leap-bypass disable

nem disable

backup-servers keep-client-config

msie-proxy server none

msie-proxy method no-modify

msie-proxy except-list none

msie-proxy local-bypass disable

nac disable

nac-sq-period 300

nac-reval-period 36000

nac-default-acl none

address-pools value VPN_POOL

client-firewall none

client-access-rule none

[makana 10]

webvpn

functions url-entry

html-content-filter none

homepage none

keep-alive-ignore 4

http-comp gzip

filter none

url-list none

customization value DfltCustomization

port-forward none

port-forward-name value Application Access

sso-server none

deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information

svc none

svc keep-installer installed

svc keepalive none

svc rekey time none

svc rekey method none

svc dpd-interval client none

svc dpd-interval gateway none

svc compression deflate

username carsten password nCe7k1IF8VqW6ktZ encrypted privilege 0

username carsten attributes

vpn-group-policy test

http server enable

http VPN_POOL 255.255.255.0 outside

http CLIENT 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 set pfs

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-MD5

crypto dynamic-map outside_dyn_map 40 set pfs

crypto dynamic-map outside_dyn_map 40 set transform-set ESP-AES-256-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes-256

hash md5

group 2

lifetime 86400

crypto isakmp policy 65535

authentication pre-share

encryption aes-256

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 30

tunnel-group test type ipsec-ra

tunnel-group test general-attributes

address-pool (inside) VPN_POOL

address-pool VPN_POOL

tunnel-group test ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn group test request dialout pppoe

vpdn group test localname 0016157483565200420037940001@t-online.de

vpdn group test ppp authentication pap

vpdn username 0016157483565200420037940001@t-online.de password ********* store-local

[Wordo 11]

Ich seh da kein Site-to-Site VPN?