cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1209
Views
0
Helpful
5
Replies

Problems VPN ASA access

niLuxx
Level 1
Level 1

Dear community,

 

one of my companies ordered a ASA 5506-X few weeks ago. I'm currently doing the initial configuration and wanted to set up a Client-2 Site VPN connection with access to ASDM/CLI of the ASA. 

The VPN is working, nevertheless I do not have access to ASDM or CLI. I already set up NAT rules:

 

nat (outside,outside) source dynamic VPN interface
nat (inside_1,outside) source static internal_networks internal_networks destination static VPN  VPN  no-proxy-arp route-lookup
!
object network obj_any
nat (any,outside) dynamic interface

 

VPN means my VPN-client IP address.

 

The general setup is:

INTERNET <=> ASA <=> Layer-3-Switch

The management-port of the ASA is connected to the Layer-3-Switch behind the ASA and located in subnetwork 192.168.1.0/24.

 

Nevertheless my VPN client has no internet-access either - neither access to ASDM/CLI.

Any ideas?

 

Best regards,

niLuxx

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

The VPN is working, nevertheless I do not have access to ASDM or CLI. I already set up NAT rules:

 

Couple of question to clarify the problem :

 

When you say VPN working, how did you verfied it is working ?

which ASDM you do not have access local or remote ?

 

Can you post both the side configuration to understand config and suggestion, (most cases if the VPN UP you may have ACL issue or routing issue here).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello,

 

regarding your questions:

When you say VPN working, how did you verfied it is working 

=> I can connect to VPN endpoint via AnyConnect Client. My laptop also got correct IP, Subnetmask, Gateway, etc.

 

> which ASDM you do not have access local or remote ?

=> I'm not sure if I understand you correctly. I can connect to ASDM/CLI when I'm onsite and connect via cable to the Layer-3-Switch

=> I do not have access to ASDM/CLI after establishing the VPN connection via AnyConnect

 

What exactly do you need out of the config? I want to avoid posting the config on a public thread...

Ok So when you connect to using your Laptop using cisco Any connect, you able to establish the VPN connection.

But you are not able to access any resources like ASDM / or internal LAN resources, if this is correct.

 

So you need to check the ACL here for the IP pool allocated for VPN user.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Exactly :-)

Regarding ACL. I thought the same, but I already have these entries here

 

1. access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
2. access-list AnyConnect_Client_Local_Print extended permit 137 any4 any4
3. access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns

 

Wouldn't be the first entry enough?

 

Greetings,

niLuxx

Can you remove confidentail information and post the configuration to have a review please. So best suggestion can be provided.

 

if not possible, please read the below thread.

 

https://community.cisco.com/t5/vpn-and-anyconnect/urgent-remote-access-vpn-users-connects-but-can-not-access/td-p/2853808

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card