Showing results for 
Search instead for 
Did you mean: 

remote access VPN users cannot access inside network on ASA 5505


I have configured a Cisco ASA 5505 with remote access VPN as follows:

  • ASA outside:
  • ASA inside 
  • VPN address pool:
  • inside network:

The VPN pool of hosts should have full access to the inside network. Config file is attached.


As far as I can tell, the NAT rules and access rules are correct (Im obviously missing something) but VPN remote access hosts cannot contact the inside network. I have trued varouos combinations of NAT and access rules and cannot get the VPN network talking to the inside network.


Rising star
Rising star

Remove these lines and try it.


global (inside) 2 interface
nat (outside) 2 vpn-network outside

access-group inside_access_in in interface inside
access-group inside_access_out out interface inside

Hi rizwanr74,


That didnt work, on a Windows machine connected over VPN, I get

Ping:transmit failed. General failure.

when I try ping an inside device, like there is no route on the ASA?

Can you remove the below line and try it?


access-group outside_access_out out interface outside

Hi rizwanr74,

That didn't work either. I ran the packet tracer and an implicit access rule is denying access, even though there is a configured rule that should override it.

See screenshot attached.

The clients inside network was for some reason configured as, which is is which is in the reserved link-local address range that Microsoft dishes out to hosts when they cant find a DHCP server. 

Is there any chance the ASA wont route traffic to that address range for that reason?

I've set up a couple of ASA 5505s now with similar configs and havent had seen issue before.

I just changed the inside interface and network as a test (I didn't actually change the inside network devices) and I'm still being blocked by the same access rule, so it may be unrelated to being within the reserved link-local address range.

Interestingly, however, attempting to ping the inside network on a Windows machine from the VPN network, the result has changed from:

PING: transmit failed. General failure.