Solved: Can not access host in Full tunnels VPN access on Cisco ASA 5515

Hamid Amir · ‎02-16-2022

Dear All,

I have setup Full tunnels VPN access on a ASA 5515 but cannot access the host or ASA when I login using the VPN. I can connect with the Cisco VPN ,I have access to internet and I can use ssh using either ISP address or local ip address . The host on ip address 192.168.1.5. I get error message dst inside_1:192.168.1.5/3389 denied due to NAT reverse path failure

Can you help please

Kind Regards

Hamid

Sheraz.Salim · ‎02-16-2022

you need to put a nat exemption rule Hamid to get this working.

Object network RDP

host 192.168.1.5

!

object anyconnect

subnet 192.168.100.0 255.255.255.0

!

nat (inside,outside) source static RDP RDP dest static anyconnect anyconnect no-proxy route-lookup

please do not forget to rate.

View solution in original post

Hamid Amir · ‎02-16-2022

Hi Sheraz.

Thank you very much.

With this command resolved.

nat (any,outside) source static RDP_static RDP_static dest static anyconnect anyconnect no-proxy route-lookup.

Kind Regards

Hamid

View solution in original post

Sheraz.Salim · ‎02-16-2022

you need to put a nat exemption rule Hamid to get this working.

Object network RDP

host 192.168.1.5

!

object anyconnect

subnet 192.168.100.0 255.255.255.0

!

nat (inside,outside) source static RDP RDP dest static anyconnect anyconnect no-proxy route-lookup

please do not forget to rate.

Hamid Amir · ‎02-16-2022

Hi Sheraz.

Thank you very much.

With this command resolved.

nat (any,outside) source static RDP_static RDP_static dest static anyconnect anyconnect no-proxy route-lookup.

Kind Regards

Hamid

Rob Ingram · ‎02-16-2022

@Hamid Amir you are using a BVI, so unfortunately you cannot manage the ASA over the VPN if the inside interface is a BVI. There is still an open enhancement request - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve82307