Problem with cisco vpn client

luongdung
Level 1

We are using the Cisco VPN client to connect to a VPN server (ASA 5510). With the VPN connection, the Cisco VPN client can only connect to services in the LAN, other than services that are published/NATed to the Internet via this ASA 5510. For example: on one server, the VPN client cannot access the services published to the Internet, while other services not published to the Internet on the same server remain accessible via the VPN client.

How can I fix this problem ?

Thanks

Alex

5 Replies

All I can say is you most probably need split tunneling on your VPN client so access to public addresses does not go through the VPN tunnel. Also, you might need to manipulate your DNS.

rizwanr74
Level 7

Hi Alex,

 

I would agree with chrbradf1: if you have given publicly accessible services running on a server, then you must include that particular public IP address in the split-tunnel ACL, and you don't include that IP address for NAT exemption; that should work for you.

 

thanks

Rizwan Rafeek.

Thanks rizwanr74 and chrbradf1. The VPN client can connect to the service with the public IP address on the server but cannot access the same service with the local IP on the same server.

How can I fix this problem ?

Alex

 

Hi there,

 

"Vpn client can connect the service with the public ip address on the server but can not access the same service with local ip  on the same server"

 

The reason that the client can access the service on the public address is either because they are accessing it outside of the tunnel or via the tunnel by means of split-tunnel.

The reason why they cannot access it on the private address is because of the static NAT, public to private. The return traffic will be subject to static NAT, which will result in an asymmetric traffic path.

 

Your client cannot access the static-NATted private address unless they access it on the public address; the reason is the asymmetric traffic path.

 

Hope that helps.

thanks

I think this will be a DNS issue. You will need to have a DNS server that the VPN clients use that points to the internal address of public-facing servers.
