Hi all,
I'm fighting to get my VPN working the way I need it to at my office. I recently set up my home office, and I also have an employee going on maternity leave who will be working from home. I'm trying to get my VPN set up and am fighting with something that seems trivial, but I can't seem to find a solution. Hopefully you all can steer me in the right direction.
Setup:
ASA5505 at the edge of my network (NAT and ports set up to allow VPN).
Server 2012 R2 running as a guest under a Hyper-V host.
Guest OS is my domain controller, FTP server, file server, and now VPN server.
Guest OS has 2 NICs associated with it: a DMZ interface used for my FTP traffic, and the Internal Network interface for everything else (nothing but the VPN is public facing on this interface at the moment).
I set up the Routing and Remote Access piece using the "Custom" setup, and selected VPN. Not a whole lot of config there.
I set up the Remote Access part.
Long story short, I got it all set up and wasn't able to connect. I suspected the ASA was the issue, as I'm still getting familiar with how to configure NAT and firewall rules. After a bunch of fishing and looking at logs I spotted the problem. The traffic was coming into the ASA and going to the correct interface on the server, but for some reason the server was sending the outbound packets through the DMZ interface. After disabling the DMZ interface, the VPN connected right up. For the past week and a half or so I've just been running in this configuration because I needed the VPN to work; however, I use the FTP to access troubleshooting tools (malware removal, net diag, etc.) when out in the field. The FTP is tied to the DMZ interface, thus with that interface disabled I can't get to my FTP. I'm at a point where I need to get this working, so I need to figure out which component on the server is directing outbound VPN traffic out the DMZ interface instead of the same interface on which it came in (i.e. the Internal interface). I suspect the Routing and Remote Access component, but after screwing with numerous settings and different configurations I still can't get my VPN to work unless I disable the DMZ altogether.
Any ideas "who" is telling the outbound VPN traffic to flow out the DMZ??
Thanks!