07-20-2020 07:56 AM
Having issues with my VPN configuration. I have a couple of servers on prem and a couple in Azure. It worked fine until I added the following commands:
access-list TIMECARD_WS standard permit 5.5.5.5
object network vpntest
subnet 192.168.0.230-192.168.0.239 255.255.252.0
nat (outside,outside) dynamic interface
same-security-traffic permit intra-interface
The commands were needed to allow employees to access their timecard when they are working remotely. The timecard website only allows entries when coming from our outside presented IP address.
Once I executed those commands, I got the website to work, but now I can't access any of the servers in Azure.
Any help would be greatly appreciated.
Thanks.
07-20-2020 08:14 AM
We need more information: where was TIMECARD_WS applied, and on which interface?
If you applied only this access list on the interface, everything will be dropped except this; this is normal behaviour.
If you would like both to work, you need to tweak the ACL as per the requirement.
Post the full configuration (all working, and after adding this ACL) so we can understand better.
07-20-2020 08:31 AM
07-20-2020 08:39 AM
Hi @cjones615
Now that you have that dynamic NAT rule from outside to outside, you will need a NAT exemption rule from your RAVPN "vpntest" network to the Azure networks to ensure that traffic is not natted, e.g.:
nat (OUTSIDE,OUTSIDE) source static vpntest vpntest destination static AZURE-NET AZURE-NET no-proxy-arp
HTH
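The rule ordering behind the reply above, as an added example that is not part of the thread: a simplified Python model of ASA NAT evaluation, in which a manual NAT rule (section 1) is checked before object NAT (section 2), so the identity rule for Azure-bound traffic matches before the dynamic interface PAT. `OUTSIDE_IP` and `AZURE_NET` are constructed values standing in for the real outside address and the AZURE-NET object.

```python
import ipaddress

# Constructed values (not from the thread): outside interface IP and Azure prefix.
OUTSIDE_IP = ipaddress.ip_address("203.0.113.10")
AZURE_NET = ipaddress.ip_network("10.50.0.0/16")
# From the thread: the VPN pool range and the timecard site address.
VPN_FIRST = ipaddress.ip_address("192.168.0.230")
VPN_LAST = ipaddress.ip_address("192.168.0.239")
TIMECARD = ipaddress.ip_address("5.5.5.5")


def in_vpn_pool(ip):
    return VPN_FIRST <= ip <= VPN_LAST


def exempt_rule(src, dst):
    """Section 1 (manual NAT): identity NAT for vpntest -> AZURE-NET."""
    if in_vpn_pool(src) and dst in AZURE_NET:
        return src  # source static vpntest vpntest: address unchanged
    return None


def dynamic_pat_rule(src, dst):
    """Section 2 (object NAT): nat (outside,outside) dynamic interface."""
    if in_vpn_pool(src):
        return OUTSIDE_IP  # hairpinned traffic leaves with the outside IP
    return None


def translate(src, dst, with_exemption):
    """Return (translated source, matched rule name); first match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rules = [("object-nat-pat", dynamic_pat_rule)]
    if with_exemption:
        # Manual NAT without after-auto is evaluated before object NAT.
        rules.insert(0, ("manual-nat-exempt", exempt_rule))
    for name, rule in rules:
        result = rule(src, dst)
        if result is not None:
            return str(result), name
    return str(src), "no-nat"


if __name__ == "__main__":
    for fix in (False, True):
        for dst in ("10.50.1.20", str(TIMECARD)):
            print(fix, dst, translate("192.168.0.231", dst, fix))
```

With the exemption in place, only the Azure-bound flow keeps its pool address; traffic to the timecard site still leaves with the outside IP.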
07-21-2020 04:35 AM
That worked! Thank you!