
cisco asa 5510 remote access vpn ipsec issue

hi team

I have set up a VPN connection for users so they can connect from outside; the VPN is working perfectly fine.

I have created all this from ASDM. The issue is that I have added multiple networks in the ACL, and the user is able to connect only to the first network which I added. I have tested this on different laptops and systems and recreated the whole thing again. All the networks are able to reach each other internally, so there is no issue in routing. Only the network which I added first is reachable from outside; the others are not, even though the network is already added in the ACL. Also, when I am connected to the VPN I can see the list of networks to which I have access, but I cannot ping any network or any other device in that network. I have done lots of research but am not able to find anything. I would really appreciate it if someone can help me with this :(

17 Replies

hi

All the subnets are on different subinterfaces, and I'm sorry, I am not able to understand what command I have to enter to get this to work.

nat (stardmz) 0 access-list stardmz_no_nat - is this what you are saying?

Yes, for each subinterface the NAT rules are referenced by different ACLs. For example, if you want to reach the stardmz network, you have to update the ACL given in this statement:

nat (stardmz) 0 access-list stardmz_no_nat

If it is StarLink_Lab interface, you have to update the ACL given in the following NAT statement:

nat (StarLink_Lab) 0 access-list StarLink_Lab_nat0_outbound

All the ACL entries that you add should have the format below:

access-list <acl-name> extended permit ip <internal subnet> 255.255.255.0 <vpn-subnet> 255.255.255.0
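The check Rahul describes, written out as an added audit script (this is not code from the thread or from Cisco): it parses the ASA 8.2-style "nat (interface) 0 access-list" statements, the referenced ACLs, the subinterface addresses and the VPN address pool, then reports every interface whose NAT-exempt ACL has no entry permitting its connected subnet to the VPN pool, and prints the ACL line that would fix it. The sample configuration is constructed for the example; the subnets, the pool 10.99.0.0/24 and the interface names are assumptions, and only "extended permit ip <net> <mask> <net> <mask>" entries are understood.

```python
import ipaddress
import re

# Constructed sample of the relevant ASA lines (not a real configuration).
# StarLink_Lab's NAT-0 ACL only exempts traffic to the stardmz subnet, not to
# the VPN pool, which is the symptom described in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/1.10
 nameif stardmz
 ip address 192.168.10.1 255.255.255.0
interface Ethernet0/1.20
 nameif StarLink_Lab
 ip address 192.168.20.1 255.255.255.0
ip local pool VPN_POOL 10.99.0.1-10.99.0.100 mask 255.255.255.0
access-list stardmz_no_nat extended permit ip 192.168.10.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list StarLink_Lab_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (stardmz) 0 access-list stardmz_no_nat
nat (StarLink_Lab) 0 access-list StarLink_Lab_nat0_outbound
"""


def parse_config(text):
    """Collect interface subnets, ACL entries, NAT-0 bindings and VPN pools."""
    interfaces = {}   # nameif -> connected subnet
    acls = {}         # acl name -> list of (source net, destination net)
    nat0 = {}         # nameif -> ACL referenced by "nat (nameif) 0 access-list"
    pools = []        # networks covering the VPN address pools
    current_if = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current_if = None
        elif line.startswith("nameif "):
            current_if = line.split()[1]
        elif line.startswith("ip address ") and current_if:
            ip, mask = line.split()[2:4]
            interfaces[current_if] = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        elif line.startswith("ip local pool "):
            m = re.match(r"ip local pool \S+ (\S+)-(\S+) mask (\S+)", line)
            if m:  # the pool's start address plus its mask gives the pool network
                pools.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(3)}", strict=False))
        elif line.startswith("access-list "):
            # Only the subnet/mask form from the thread is parsed; host/any/object
            # entries are ignored here.
            m = re.match(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", line)
            if m:
                name, s_ip, s_mask, d_ip, d_mask = m.groups()
                acls.setdefault(name, []).append(
                    (ipaddress.ip_network(f"{s_ip}/{s_mask}", strict=False),
                     ipaddress.ip_network(f"{d_ip}/{d_mask}", strict=False)))
        elif line.startswith("nat ("):
            m = re.match(r"nat \((\S+)\) 0 access-list (\S+)", line)
            if m:
                nat0[m.group(1)] = m.group(2)
    return interfaces, acls, nat0, pools


def find_missing_nat_exempt(text):
    """Return interfaces whose NAT-0 ACL never exempts connected-subnet -> VPN pool."""
    interfaces, acls, nat0, pools = parse_config(text)
    missing = []
    for iface, acl_name in nat0.items():
        subnet = interfaces.get(iface)
        if subnet is None:
            continue
        covered = any(
            subnet.subnet_of(src) and pool.subnet_of(dst)
            for src, dst in acls.get(acl_name, [])
            for pool in pools
        )
        if not covered:
            missing.append(iface)
    return missing


def suggested_acl_lines(text):
    """Build the ACL entries, in the thread's format, that close each gap."""
    interfaces, _, nat0, pools = parse_config(text)
    lines = []
    for iface in find_missing_nat_exempt(text):
        subnet = interfaces[iface]
        for pool in pools:
            lines.append(
                f"access-list {nat0[iface]} extended permit ip "
                f"{subnet.network_address} {subnet.netmask} "
                f"{pool.network_address} {pool.netmask}")
    return lines


if __name__ == "__main__":
    for iface in find_missing_nat_exempt(SAMPLE_CONFIG):
        print(f"{iface}: NAT exemption to the VPN pool is missing")
    for line in suggested_acl_lines(SAMPLE_CONFIG):
        print("  add:", line)
```

Run against a saved "show running-config", the script lists each subinterface that would still translate VPN-bound traffic and prints the exact exemption entry to add; appending those entries to the input makes the report empty.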

hi Rahul

Thank you very much for your reply; that really helped. Everything is working fine, and I can access all the networks from the VPN now. I hope this will not create any issue with the existing config on the firewall. Also, I did this from ASDM, i.e. the GUI: I added a NAT exempt rule under each interface and it started working. But what exactly does "exempt" mean? That is what I am trying to search. Thanks again buddy...
