Hi,
I have a newly setup ASA5505 running 8.0, with remote access (anyconnect) working
The clients can reach LAN, and vice versa.
I'm trying to figure out how the h*ck the nat is built, Ive even set all incoming and outgoing traffic to permited but with no luck.
With iptables in Linux, I would simply say "all traffic that leaves interface outside should be translated", something like this:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE.
I've tried every possible combination in ASA with no luck. Can you spot an obvious problem?
While pinging 8.8.8.8 for example, I see this in the log:
| 6 | Jun 29 2011 | 07:41:16 | 302021 | 172.16.31.1 | 1024 | 8.8.8.8 | 0 | Teardown ICMP connection for faddr 172.16.31.1/1024 gaddr 8.8.8.8/0 laddr 8.8.8.8/0 (user) |
My config is as follows:
name 172.16.31.0 vpn-clientz description vpn clients
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.249 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 1.2.3.94 255.255.255.252
!
access-list vpn-clients remark tunnel all traffic
access-list vpn-clients standard permit any
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 vpn-clientz 255.255.255.0
access-list outside_access_out extended permit ip any any log disable
access-list outside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_out extended permit ip any any log disable
ip local pool vpn-clients 172.16.31.1-172.16.31.20 mask 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 sol-vpn-clientz 255.255.255.0
