02-16-2022 07:15 AM
Dear All,
I have set up full-tunnel VPN access on an ASA 5515 but cannot access the host or the ASA when I log in using the VPN. I can connect with the Cisco VPN, I have access to the internet, and I can use SSH using either the ISP address or the local IP address. The host is on IP address 192.168.1.5. I get the error message: dst inside_1:192.168.1.5/3389 denied due to NAT reverse path failure
Can you help, please?
Kind Regards
Hamid
02-16-2022 07:38 AM - edited 02-16-2022 07:40 AM
You need to put in a NAT exemption rule, Hamid, to get this working.
object network RDP
 host 192.168.1.5
!
object network anyconnect
 subnet 192.168.100.0 255.255.255.0
!
nat (inside,outside) source static RDP RDP destination static anyconnect anyconnect no-proxy-arp route-lookup
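An offline check for the exemption described in the answer above, added here as an example and not code from the thread: it parses a saved configuration and reports whether an identity twice-NAT rule covers traffic from an inside host to a VPN pool address, and on which interface pair. The function names and the sample configuration are constructed, and the parser assumes only the `object network` and `nat ... source static ... destination static` line forms shown in the post.

```python
import ipaddress
import re

# Constructed sample, modelled on the objects named in the thread.
SAMPLE_CONFIG = """\
object network RDP
 host 192.168.1.5
!
object network anyconnect
 subnet 192.168.100.0 255.255.255.0
!
nat (inside,outside) source static RDP RDP destination static anyconnect anyconnect no-proxy-arp route-lookup
"""

# Accepts the abbreviated "dest" keyword as well as "destination".
NAT_RE = re.compile(
    r"^nat \((?P<real>[^,]+),(?P<mapped>[^)]+)\) source static (?P<s1>\S+) (?P<s2>\S+) "
    r"dest\S* static (?P<d1>\S+) (?P<d2>\S+)")

def parse_objects(config):
    """Map each 'object network NAME' to the network it defines."""
    objects, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object", "network"] and len(words) == 3:
            current = words[2]
        elif current and words[:1] == ["host"] and len(words) == 2:
            objects[current] = ipaddress.ip_network(words[1] + "/32")
        elif current and words[:1] == ["subnet"] and len(words) == 3:
            objects[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words and not line.startswith(" "):
            current = None  # any other top-level line ends the object block
    return objects

def find_exemption(config, host_ip, pool_ip):
    """Return (real_ifc, mapped_ifc) of the identity rule covering host -> pool, else None."""
    objects = parse_objects(config)
    host, peer = ipaddress.ip_address(host_ip), ipaddress.ip_address(pool_ip)
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m or m["s1"] != m["s2"] or m["d1"] != m["d2"]:
            continue  # not a NAT line, or not an identity (exempt) translation
        src, dst = objects.get(m["s1"]), objects.get(m["d1"])
        if src is not None and dst is not None and host in src and peer in dst:
            return (m["real"], m["mapped"])
    return None
```

A result of `None` for a host and pool address pair means the configuration has no exemption for that pair; a result whose first element is `any` means the rule applies to every real interface, not just `inside`.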
02-16-2022 08:18 AM
Hi Sheraz.
Thank you very much.
It was resolved with this command.
nat (any,outside) source static RDP_static RDP_static dest static anyconnect anyconnect no-proxy route-lookup.
Kind Regards
Hamid
02-16-2022 07:40 AM
@Hamid Amir you are using a BVI, so unfortunately you cannot manage the ASA over the VPN if the inside interface is a BVI. There is still an open enhancement request - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve82307