03-14-2016 08:45 AM - edited 03-12-2019 12:29 AM
Hello everyone,
How can I create routing from the VPN IP pool to the inside zone? Right now I have the VPN on 10.0.100.1/24 and my inside network on 10.0.50.1/24. How can I allow access to the inside zone from the VPN IP pool?
Many thanks.
03-14-2016 09:29 AM
Hi Mat,
You can create a nat-exempt rule on the ASA.
object network obj-internal
 subnet 10.0.50.0 255.255.255.0
object network obj-pool
 subnet 10.0.100.0 255.255.255.0
You need to create a manual NAT statement like this:
nat (inside,outside) source static obj-internal obj-internal destination static obj-pool obj-pool no-proxy-arp route-lookup
This would be enough to access the internal resources.
Regards,
Aditya
Please rate helpful posts.
03-14-2016 08:59 AM
Hi MediaNetMat,
It depends on whether your VPN pool/traffic bypasses your interface access lists or not.
You can check that under Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles.
If it is bypassed, you can manage that with split tunneling (under Group Policies) to define whether the traffic goes into the tunnel or not.
If it is not bypassed, you also have to check your ruleset (the rules for "Incoming WAN Interface").
Hope this will help you
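The two cases from the replies above, written out as ASA CLI. This is an added example, not part of either post; the names GP-VPN-USERS, SPLIT-INSIDE and OUTSIDE-IN and the host addresses in the packet-tracer line are hypothetical, and the subnets are the ones from the question.

```cisco
! Constructed example. GP-VPN-USERS, SPLIT-INSIDE and OUTSIDE-IN are
! hypothetical names; substitute the ones in your own configuration.

! 1. Check whether decrypted VPN traffic bypasses the interface ACLs.
!    "sysopt connection permit-vpn" in the output means it does (the default);
!    "no sysopt connection permit-vpn" means the outside ACL is applied.
show running-config all sysopt

! 2a. Bypass in effect: use split tunneling so that only the inside subnet
!     is sent through the tunnel.
access-list SPLIT-INSIDE standard permit 10.0.50.0 255.255.255.0
group-policy GP-VPN-USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-INSIDE

! 2b. Bypass disabled: the ACL on the incoming (outside) interface must
!     permit the pool to reach the inside subnet. Narrow "ip" to the
!     protocols and ports the VPN users actually need.
access-list OUTSIDE-IN extended permit ip 10.0.100.0 255.255.255.0 10.0.50.0 255.255.255.0
access-group OUTSIDE-IN in interface outside

! 3. Verify that the NAT-exempt rule matches return traffic from an inside
!    host to a pool address (both host addresses are constructed).
show nat detail
packet-tracer input inside tcp 10.0.50.10 443 10.0.100.10 50000 detailed
```

In the packet-tracer output, the NAT phase should show the manual NAT rule with untranslated source and destination addresses.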