ASA 55xx VPN client issues after upgrade to 8.4.2

alex.dersch
Enthusiast

Hello,

After upgrading an ASA 5520 to 8.4.2-8, VPN clients' traffic is not passing to destinations other than destinations behind the inside interface. The log shows a routing failure for the VPN client on the inside interface.

It was working fine with 8.4.1, but the traffic is originated from the outside interface.

Can anybody confirm that the interface for VPN clients changed from the outside to the inside interface?

thanks

Alex

Julio Carvajal
Advisor

Hello Alex,

I think you are hitting bug ID CSCts89806. Before confirming that, can you provide your VPN and NAT configuration?

Regards,

Do please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hello Julio,

Thanks for your comment. I attached the config.

regards

alex

Hello Alex,

Ok, step number one:

- On the NAT configuration for the VPN (no-NAT rule), please change the nat statement from any to any to nat (inside,outside).

Also add the route-lookup command at the end of the nat statement, so it should look like this:

nat (inside,outside) source static Local-lan Local-lan destination static Other-site Other-site route-lookup

Regards,

Please rate helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
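
An added example, not part of the original thread and not Cisco tooling: a small Python check that scans the `nat` lines of a saved running-config for identity (no-NAT) rules and flags the two things the answer above changes, an `any` interface pair and a missing `route-lookup`. The sample config is constructed; `Local-lan` and `Other-site` come from the thread, while `Vpn-pool` is a hypothetical object name.

```python
import re

# Constructed sample; only the object names Local-lan/Other-site come from the thread.
SAMPLE_CONFIG = """\
nat (any,any) source static Local-lan Local-lan destination static Other-site Other-site
nat (inside,outside) source static Local-lan Local-lan destination static Other-site Other-site
nat (inside,outside) source static Local-lan Local-lan destination static Vpn-pool Vpn-pool route-lookup
nat (inside,outside) source dynamic Local-lan interface
"""

# Manual (twice) NAT with a static source; the destination clause is optional.
NAT_RE = re.compile(
    r"^nat \((?P<real>[^,()\s]+),(?P<mapped>[^,()\s]+)\)"
    r"(?: after-auto)? source static (?P<src_real>\S+) (?P<src_mapped>\S+)"
    r"(?: destination static \S+ \S+)?"
    r"(?P<opts>.*)$"
)


def audit_identity_nat(config_text):
    """Return (line number, rule, issues) for identity NAT rules worth reviewing."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # normalise whitespace
        m = NAT_RE.match(line)
        # Identity (no-NAT) rule: real and mapped source objects are the same.
        if not m or m["src_real"] != m["src_mapped"]:
            continue
        issues = []
        if "any" in (m["real"], m["mapped"]):
            issues.append("interface 'any'")
        if "route-lookup" not in m["opts"].split():
            issues.append("no route-lookup")
        if issues:
            findings.append((lineno, line, issues))
    return findings


if __name__ == "__main__":
    for lineno, rule, issues in audit_identity_nat(SAMPLE_CONFIG):
        print(f"line {lineno}: {', '.join(issues)}\n    {rule}")
```
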

Hi Julio,

You were right, I reconfigured my NAT rules and it was working.

Thank you very much for your help.

regards

alex

Hello,

It is a pleasure to help.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC