https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229832#M876927 <P>I am able to access remote access vpn.After logging vpn connection,I am unable to access inside the nework.</P> Mon, 11 Mar 2019 14:45:19 GMT CSCO10320953 2019-03-11T14:45:19Z https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229832#M876927 <P>I am able to access remote access vpn.After logging vpn connection,I am unable to access inside the nework.</P> Mon, 11 Mar 2019 14:45:19 GMT https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229832#M876927 CSCO10320953 2019-03-11T14:45:19Z https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229833#M876930 <HTML><HEAD></HEAD><BODY><P>Post your routing and access-list + NAT</P><P>Vlad</P><P></P></BODY></HTML> Tue, 03 Feb 2009 13:10:37 GMT https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229833#M876930 hunnetvl01 2009-02-03T13:10:37Z https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229834#M876933 <HTML><HEAD></HEAD><BODY><P>is split tunneling enabled on the firewall?</P></BODY></HTML> Tue, 03 Feb 2009 16:15:49 GMT https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229834#M876933 Tshi M 2009-02-03T16:15:49Z https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229835#M876936 <HTML><HEAD></HEAD><BODY><P>maybe it's NAT exepltion issue. maybe you need to add NAT 0 command...</P></BODY></HTML> Tue, 03 Feb 2009 22:41:10 GMT https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229835#M876936 rjaaouan 2009-02-03T22:41:10Z https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229836#M876938 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>interface GigabitEthernet0/0</P><P> nameif Outside</P><P> security-level 0</P><P> ip address x.x.x.x 255.255.255.248 </P><P>interface GigabitEthernet0/1</P><P> description Internet</P><P> nameif Inside</P><P> security-level 100</P><P> ip address x.x.x.x 255.255.255.248 </P><P>interface Management0/0</P><P> nameif management</P><P> security-level 100</P><P> ip address 10.0.x.x 255.x.x.0 </P><P>access-list Inside_mpc remark Trafiic for CSC Scan</P><P>access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www </P><P>access-list Inside_access_in extended permit ip any any log critical </P><P>access-list outacc extended permit icmp any any log critical </P><P>access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical </P><P>access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www </P><P>access-list Cisco_splitTunnelAcl standard permit x.x.x.x 255.255.255.248 </P><P>access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 x.x.x.0 255.255.255.0 </P><P>access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 220.220.220.0 255.255.255.0 </P><P>access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.224 </P><P>access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.0 </P><P>access-list Inside_mpc_3 remark csc</P><P></P><P>access-list aba_splitTunnelAcl standard permit x.x.x.x 255.255.255.248 </P><P>access-list management_splitTunnelAcl standard permit x.x.x.x 255.255.252.0 </P><P>access-list Outside_access_in remark For vpn connection</P><P>access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications </P><P>ip local pool abavpnpool x.x.x.x-x.x.x.x mask 255.255.252.0</P><P>ip local pool testpool x.x.x.x-x.x.x.x mask 255.255.255.0</P><P>no failover</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>nat-control</P><P>global (Outside) 1 x.x.x.x</P><P>nat (Inside) 0 access-list Inside_nat0_outbound</P><P>nat (Inside) 1 0.0.0.0 0.0.0.0</P><P>access-group outacc in interface Outside</P><P>access-group Inside_access_in_1 in interface Inside</P><P>route Outside 0.0.0.0 0.0.0.0 x.x.x.x </P><P>route Inside x.x.x.x 255.255.252.0 x.x.x.x 1</P><P> vpn-group-policy abavpn</P><P>tunnel-group abavpn type remote-access</P><P>tunnel-group abavpn general-attributes</P><P> address-pool abavpnpool</P><P> default-group-policy abavpn</P><P>tunnel-group abavpn ipsec-attributes</P><P> pre-shared-key *</P><P>tunnel-group test type remote-access</P><P>tunnel-group test general-attributes</P><P> address-pool testpool</P><P> default-group-policy test</P><P>tunnel-group test ipsec-attributes</P><P> pre-shared-ke</P></BODY></HTML> Wed, 04 Feb 2009 05:29:33 GMT https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229836#M876938 CSCO10320953 2009-02-04T05:29:33Z https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229837#M876941 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I believe that you need to define a group-policy that will use the defined split tunnel. </P><P></P><P>group-policy test internal</P><P>group-policy test attributes</P><P> dns-server value x.x.x.x</P><P> vpn-tunnel-protocol IPSec </P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value Cisco_splitTunnelAcl </P><P> default-domain value xxx.com</P></BODY></HTML> Wed, 04 Feb 2009 16:14:01 GMT https://community.cisco.com/t5/network-security/vpn-connection/m-p/1229837#M876941 Tshi M 2009-02-04T16:14:01Z