01-09-2007 09:48 AM - edited 03-11-2019 02:17 AM
Hi,
I'm trying to give my VPN clients access to all my networks on my ASA.
But when I ping from a client connected via a VPN tunnel to a host which is not on the MGMT interface, I get:
no translation group found for ICMP src outside 10.100.50.100
in my logging.
This probably has something to do with my NAT configuration (routing is OK because I can ping the host from the ASA itself).
So can somebody please help me understand why this is going wrong and what I need to do to get this working?
Thanks !
Description of my network
Eth0 = Public IP on internet
Eth2 = DMZ (back to back with ISA server)
Eth3 = Management
I want to get in with VPN clients from the internet and get access to all networks. Now I can only reach the MGMT and not the ISA srv.
01-09-2007 10:30 AM
Hi,
First, the VPN pool should be a different subnet from the LAN:
LAN 10.100.50.0/24
VPN pool 10.100.60.0/24
In order to make the traffic work, add the following commands:
access-list NONAT permit ip 10.100.60.0 255.255.255.0 10.100.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
Please rate if this helped.
Regards,
Daniel
01-11-2007 12:57 AM
Thanks for your help Daniel,
This solved my issue, BUT as I am using this tunnel to have access to all network resources to manage this network,
I would also like to have access to my ASA.
I already included:
ssh 10.100.60.0 255.255.255.0 Inside
ssh 10.100.60.0 255.255.255.0 Outside
ssh 10.100.60.0 255.255.255.0 MGMT
telnet 10.100.60.0 255.255.255.0 Inside
telnet 10.100.60.0 255.255.255.0 Outside
telnet 10.100.60.0 255.255.255.0 MGMT
But then I am not able to access the ASA itself from a VPN-connected client.
A telnet session behaves very strangely: it looks like the session does start, but it never proceeds, causing the Windows CLI telnet tool to hang (it doesn't exit).
What am I missing here?
01-11-2007 01:09 AM
Can you try the management-access inside command?
Check the following link for more info:
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K17708166
M.
01-11-2007 01:31 AM
This issue has kept me awake for 2 nights, so I am SO grateful!
Thank you so much !
Maikel