
Issues with VPN configuration

cjones615
Level 1

Having issues with my VPN configuration.  I have a couple of servers on prem and a couple in Azure.  It worked fine until I added the following commands:

access-list TIMECARD_WS standard permit 5.5.5.5

 

object network vpntest
subnet 192.168.0.230-192.168.0.239 255.255.252.0
nat (outside,outside) dynamic interface

 

same-security-traffic permit intra-interface

 

The commands were needed to allow employees to access their timecard when they are working remotely.  The timecard website only allows entries when coming from our outside presented IP address.

 

Once I executed those commands, I got the website to work, but now I can't access any of the servers in Azure.

 

Any help would be greatly appreciated.

 

Thanks.

 

 


balaji.bandi
Hall of Fame

We need more information: where was TIMECARD_WS applied, and on what interface?

If you applied only this access list on the interface, everything except this will be dropped; this is normal behaviour.

If you would like both to work, you need to tweak the ACL as per the requirement.

Post the full configuration (all working, and after adding this ACL) so we can understand better.

BB


Here is the config.

Hi @cjones615 

Now that you have that dynamic NAT rule from outside to outside, you will need a NAT exemption rule from your RAVPN "vpntest" network to the Azure networks to ensure that traffic is not natted, e.g.:

nat (OUTSIDE,OUTSIDE) source static vpntest vpntest destination static AZURE-NET AZURE-NET no-proxy-arp

 

HTH
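
A toy model of the rule ordering behind this fix, as an added example that is not part of the thread and not Cisco code: on the ASA, manual NAT rules (section 1) are matched before object NAT rules (section 2), so the identity rule wins for Azure-bound traffic while everything else from the pool is still translated to the interface address. The outside interface address, the AZURE-NET subnet and the Azure server address are assumed values; the pool range and 5.5.5.5 come from the original post.

```python
"""Toy model of ASA NAT section ordering; sample addresses are constructed."""
from ipaddress import ip_address, ip_network

OUTSIDE_IP = ip_address("203.0.113.10")   # assumed outside interface address
AZURE_NET = ip_network("10.20.0.0/16")    # assumed value for the AZURE-NET object
VPN_POOL = (ip_address("192.168.0.230"),  # vpntest range as given in the post
            ip_address("192.168.0.239"))


def in_pool(addr):
    """True if addr is one of the remote-access VPN pool addresses."""
    return VPN_POOL[0] <= addr <= VPN_POOL[1]


# Rule tuple: (section, name, match(src, dst) -> bool, translate(src) -> src')
# Section 1 = manual (twice) NAT, section 2 = object (auto) NAT.
OBJECT_PAT = (2, "object vpntest: nat (outside,outside) dynamic interface",
              lambda s, d: in_pool(s), lambda s: OUTSIDE_IP)
EXEMPTION = (1, "source static vpntest vpntest destination static AZURE-NET AZURE-NET",
             lambda s, d: in_pool(s) and d in AZURE_NET, lambda s: s)


def translate(rules, src, dst):
    """Return (translated source, matching rule name); first match in section order."""
    src, dst = ip_address(src), ip_address(dst)
    for _section, name, match, xlate in sorted(rules, key=lambda r: r[0]):
        if match(src, dst):
            return xlate(src), name
    return src, None  # no NAT rule matched, source is left untouched


def report(rules, flows):
    """Map each destination to the source address it would see after NAT."""
    return {dst: str(translate(rules, src, dst)[0]) for src, dst in flows}


if __name__ == "__main__":
    flows = [("192.168.0.231", "10.20.1.4"),  # VPN client -> Azure server (constructed)
             ("192.168.0.231", "5.5.5.5")]    # VPN client -> address permitted by TIMECARD_WS
    print("object NAT only:", report([OBJECT_PAT], flows))
    print("with exemption: ", report([OBJECT_PAT, EXEMPTION], flows))
```

With only the object NAT rule, both flows leave with the interface address as source; with the exemption added, the Azure-bound flow keeps its pool address and the timecard flow is still translated.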

That worked!  Thank you!
