08-30-2007 08:43 AM - edited 03-11-2019 04:04 AM
I have an ASA5510 running ios 7.2(2). When a client VPN is established, they are not able to access any server that does not have a static translation built. Is it necessary to build static translations for every server that needs to be accessed, or is there a simpler way of doing this? I've tried the sysopt command and building a vpn-filter under the policy setting; neither seems to help. Any suggestions would be appreciated.
08-30-2007 08:46 AM
Which sysopt command? permit-vpn?
Do your crypto ACLs allow the communication to said servers? Are you using split tunneling?
Can you post a partial config?
08-30-2007 09:04 AM
sysopt connection permit-vpn is the command I used.
This is a client to ASA VPN with no split tunneling.
The ACLs I tried were allowing all traffic from the tunnel-group to the server network.
access-list 10 remark verizonVPN
access-list 10 extended permit ip any 10.3.0.0 255.255.0.0
access-list 10 extended permit ip any 10.2.0.0 255.255.0.0
__________
group-policy verizon attributes
dns-server value 10.3.1.48 207.78.40.49
vpn-simultaneous-logins 10
default-domain value QDINC.net
vpn-filter value 10
________
tunnel-group verizon type ipsec-ra
tunnel-group verizon general-attributes
address-pool qdi
authentication-server-group TACACS+ LOCAL
default-group-policy verizon
tunnel-group verizon ipsec-attributes
pre-shared-key *
08-30-2007 09:34 AM
access-list nat0_acl extended permit ip 10.3.0.0 255.255.0.0 remoteaccess_pool
access-list nat0_acl extended permit ip 10.2.0.0 255.255.0.0 remoteaccess_pool
nat (inside) 0 access-list nat0_acl
Substitute 'remoteaccess_pool' with whatever the IP range is of your actual pool.
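An added example, not part of the original thread: a Python check that each entry in the ACL bound to `nat (inside) 0` exempts exactly the VPN address pool, rather than missing it or exempting a wider destination such as `any`. The pool range 10.99.0.1-10.99.0.254 and the names `SAMPLE`, `covering_net` and `audit_nat0` are assumptions made for the example; the thread does not state the actual range of pool `qdi`.

```python
import ipaddress
import re

# Constructed sample config. The pool range is an assumption; the second ACE
# deliberately uses "any" to show an over-broad exemption.
SAMPLE = """\
ip local pool qdi 10.99.0.1-10.99.0.254 mask 255.255.255.0
access-list nat0_acl extended permit ip 10.3.0.0 255.255.0.0 10.99.0.0 255.255.255.0
access-list nat0_acl extended permit ip 10.2.0.0 255.255.0.0 any
nat (inside) 0 access-list nat0_acl
"""

def _net(tokens):
    """Consume one ASA address spec (any | host A | NET MASK) from tokens."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tokens.pop(0)}")

def covering_net(first, last):
    """Smallest single network that contains the whole pool range."""
    for plen in range(32, -1, -1):
        net = ipaddress.ip_network(f"{first}/{plen}", strict=False)
        if last in net:
            return net

def audit_nat0(config, pool_name):
    """Map each inside network in the nat 0 ACL to ok/too-broad/misses-pool."""
    pool = re.search(rf"^ip local pool {re.escape(pool_name)} (\S+)-(\S+)", config, re.M)
    nat0 = re.search(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
    if not pool or not nat0:
        raise ValueError("pool or nat 0 statement not found")
    want = covering_net(*(ipaddress.ip_address(a) for a in pool.groups()))
    ace_re = rf"access-list {re.escape(nat0.group(1))} (?:extended )?permit ip (.+)"
    result = {}
    for line in config.splitlines():
        ace = re.match(ace_re, line)
        if not ace:
            continue
        tokens = ace.group(1).split()
        src, dst = _net(tokens), _net(tokens)
        if not want.subnet_of(dst):
            result[str(src)] = "misses-pool"   # pool traffic still gets NATed
        elif dst != want:
            result[str(src)] = "too-broad"     # exempts more than the pool
        else:
            result[str(src)] = "ok"
    return result
```
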
08-30-2007 09:48 AM
That seems to have worked.
I thank you kind sir.
David
08-30-2007 09:53 AM
You're welcome...and thanks for the rating.