https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347102#M310291 <HTML><HEAD></HEAD><BODY><P>Hi Patrick,</P><P></P><P>Thanks for your response, I figured as much.. Ended up resetting it to factory defaults and rebuilding the configuration from there. Couldn't for the life of me get that entry out. </P><P></P><P>As for the intention, not a clue, I wonder how it came in as well..</P><P></P><P>Anyway, it's back working again now, so thanks a lot!</P><P></P><P>John</P></BODY></HTML> Sat, 26 Oct 2013 18:00:24 GMT JohnSimons 2013-10-26T18:00:24Z https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347099#M310285 <P>Hey Guys,</P><P></P><P>I have added a second vlan on our ASA5505 for the wireless network (yes, I know it's not a router) and now webvpn has stopped working. Basically what happens is the ASA tries to unnat the request (which I think it shouldn't) and because of a static entry I seem to be unable to remove it resolves to the wrong network.</P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/6/6/1/163166-unnatting%20cisco%20asa.png" alt="unnatting cisco asa.png" class="jive-image-thumbnail jive-image" onclick="" width="450" /></P><P></P><P>The rule is</P><P>static (wireless,outside) interface gw_wireless netmask 255.255.255.255 dns </P><P></P><P>The acl entry for the webvpn port is:</P><P>access-list outside_access_in extended permit tcp any host outside_ip object-group custom_webvpn log debugging&nbsp; </P><P></P><P>webvpn</P><P> port 444</P><P> enable outside</P><P> dtls port 444</P><P></P><P>I hope you can help me with my problem, if I need to give any more details please let me know...</P><P></P><P>Thanks,</P><P></P><P>John</P> Tue, 12 Mar 2019 02:56:13 GMT https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347099#M310285 JohnSimons 2019-03-12T02:56:13Z https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347100#M310287 <HTML><HEAD></HEAD><BODY><P>Hi John,</P><P></P><P>You need to remove that static NAT entry.</P><P>What it does is statically nat everything coming to the outside interface to 0.0.0.0 on the wireless interface and that doesn't make sense.</P><P></P><P>ciscoasa(config)# static (inside,outside) interface 0.0.0.0 netmask <SPAN style="font-size: 10pt;">255.255.255.255 dns</SPAN></P><P><SPAN style="font-size: 10pt;">WARNING: static redireting all traffics at outside interface;</SPAN></P><P>WARNING: all services terminating at outside interface are disabled.</P><P></P><P>What was intended with that static statement?</P><P></P><P>Patrick</P></BODY></HTML> Fri, 25 Oct 2013 19:50:24 GMT https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347100#M310287 Patrick Moubarak 2013-10-25T19:50:24Z https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347101#M310289 <HTML><HEAD></HEAD><BODY><P>Hello John,</P><P></P><P>Agree with Patrick (kudos to u) .</P><P></P><P>What you need instead of performing a one to one translation for the wireless router is to do a port-forwarding, I guess you are looking to manage the device remotely so do the following</P><P></P><P>static (inside,outside) tcp interface 443 <SPAN style="font-size: 10pt;">gw_wireless 443</SPAN></P><P><SPAN style="font-size: 10pt;">access-list out_in permit tcp any host interface_ip_address eq 443</SPAN></P><P></P><P></P><P></P><P>Rate all of the helpful posts!!! <BR /> <BR />Regards, <BR /> <BR />Jcarvaja <BR /> <BR /><SPAN>Follow me on </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A></P></BODY></HTML> Fri, 25 Oct 2013 23:17:23 GMT https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347101#M310289 Julio Carvajal 2013-10-25T23:17:23Z https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347102#M310291 <HTML><HEAD></HEAD><BODY><P>Hi Patrick,</P><P></P><P>Thanks for your response, I figured as much.. Ended up resetting it to factory defaults and rebuilding the configuration from there. Couldn't for the life of me get that entry out. </P><P></P><P>As for the intention, not a clue, I wonder how it came in as well..</P><P></P><P>Anyway, it's back working again now, so thanks a lot!</P><P></P><P>John</P></BODY></HTML> Sat, 26 Oct 2013 18:00:24 GMT https://community.cisco.com/t5/network-security/asa5505-webvpn-not-working-after-adding-second-vlan/m-p/2347102#M310291 JohnSimons 2013-10-26T18:00:24Z