Showing results for 
Search instead for 
Did you mean: 

ASA access to website via wan but not thru tunnel?


ASA access to website via wan but not thru tunnel?


We have an ASA that allows us to access a webserver (nat) when connecting to it on the wan (outside). We also have a pptp tunnel that goes thru the asa and terminates on another device on the inside. The pptp is NOT on the asa. When a pptp client connects, they receive an IP from the pool of the pptp server that is in the same subnet of the webserver. We cannot access the webserver thru the tunnel. We can ping it's IP. Also a remote point to point Ipsec tunnel can ping the webserver on it's inside IP but not access it. This tunnel DOES terminate to the asa

jira = inside web server 
name jira

jiraout = public IP applied to asa outside
name *.*.237.228 jira-out

access-list acl-out extended permit tcp any host jira-out eq https
static (Inside,outside) jira-out jira netmask tcp 0 8192

I need to get to Jira thru the pptp and IPsec tunnels only. So from a pptp client and thru point to point tunnel from India.

Attached sanitized config

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers