Solved: VPN Natting - Page 2

Arvo Bowen · ‎08-26-2011

I'm having issues with getting traffic from my VPN client (IP 10.71.2.2) to my inside local network client (IP 10.71.1.11). I have my config attached. Is there something I'm missing?

raga.fusionet · ‎08-31-2011

Arvo, you are hitting a bug man!

Check it out:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr16184

That's why the inside interface doesnt respond even with the management access command.

Someone else reported a similar problem a few minutes ago.

Have fun!

PS: Please remember to mark this question as answered unless you have any other questions.Thx!

Arvo Bowen · ‎08-31-2011

That worked perfectly Luis! Thanks!!!

I just had to open the ASDM, go to my NAT Rules inside Configuration and then edit my VPN to local lan NAT rule... Just needed to tick (check) the last check box called "Lookup route table to locate egress interface"!

If using the CLI all you need to do is add "route-lookup" to the end of the NAT rule (before description)

Ex:

ASA's Management-Access Interface IP address is 192.168.1.1.

! Overlapping NAT statement:

nat (inside,outside) source static obj-192.168.1.0 obj-192.168.1.0 destination

static obj-vpn obj-vpn

! New Statement:

nat (inside,outside) source static obj-192.168.1.0 obj-192.168.1.0 destination

static obj-vpn obj-vpn route-lookup

raga.fusionet · ‎08-31-2011

Sweeeet. Thanks for the tips

I'm glad to hear that you got it working!

Have a good one.