08-12-2012 11:16 AM - edited 03-11-2019 04:41 PM
I have several interfaces:
Currently I have remote access anyconnect users who are able to VPN in and get access to the outside internet and inside devices.
I am trying to add another VPN config to allow users to connect to the haklab resources from the outside.
Currently they are able to connect to the VPN and access outside resources, but they are unable to see any of the devices on the inside.
I have created a user, pronto, which should be forced into receiving the mdc3 connection profile, which assigns them an IP address from my DHCP server, which is also on that LAN segment. The VPN users are currently receiving an address from DHCP. In my case 10.10.10.20 was assigned to pronto when he VPN'd in.
My goal is to determine why pronto can't access any of the devices on the haklab interface
Here is the full config:
https://gist.github.com/3333437
ASDM VIEW ACCESS: just PM me and I'll create an account.
relevant snippets:
object network MDC3_VPN
subnet 10.10.10.200 255.255.255.248
access-list haklab_access_in extended permit ip object MDC3_VPN interface HAKlab
ip local pool mdc3_VPN 10.10.10.200-10.10.10.240 mask 255.255.255.0
nat (inside,outside) source static HAK_LAB HAK_LAB destination static MDC3_VPN MDC3_VPN
nat (outside,outside) after-auto source dynamic MDC3_VPN interface
username pronto password xxxxxxxx encrypted
username pronto attributes
vpn-group-policy mdc3_policy
group-lock value mdc3
service-type remote-access
webvpn
anyconnect profiles value MDC3 type user
anyconnect profiles MDC3 disk0:/mdc3.xml
tunnel-group mdc3 type remote-access
tunnel-group mdc3 general-attributes
address-pool mdc3_VPN
default-group-policy mdc3_policy
dhcp-server subnet-selection 10.10.10.25
tunnel-group mdc3 webvpn-attributes
group-alias mdc3 enable
group-policy mdc3_policy internal
group-policy mdc3_policy attributes
wins-server none
dns-server value 10.10.10.25 4.2.2.2
vpn-tunnel-protocol ikev2 ssl-client
default-domain value mdc3.net
webvpn
anyconnect profiles value MDC3 type user
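One thing worth checking against the snippets above, added here as an editor's example and not part of the original post or of Cisco's own tooling: both the access-list and the NAT exemption reference the network object MDC3_VPN, so they match a VPN client only when its tunnel address falls inside that object's subnet. The object is defined as 10.10.10.200 255.255.255.248 (.200 to .207) while the pool runs .200 to .240, and the address the poster actually observed, 10.10.10.20, came from DHCP rather than the pool. The script below reads the three relevant lines from the post (embedded as constructed input), lists the pool addresses the object does not cover, and reports whether a given client address is matched by the object. The function names are this example's own.

```python
import ipaddress
import re

# Constructed input: the object, ACL and pool lines copied from the post above.
ASA_SNIPPET = """
object network MDC3_VPN
 subnet 10.10.10.200 255.255.255.248
access-list haklab_access_in extended permit ip object MDC3_VPN interface HAKlab
ip local pool mdc3_VPN 10.10.10.200-10.10.10.240 mask 255.255.255.0
"""

# Address the poster saw assigned to user pronto (from the DHCP server, not the pool).
OBSERVED_CLIENT = "10.10.10.20"


def parse_network_objects(config):
    """Return {name: IPv4Network} for 'object network' blocks that carry a 'subnet' line."""
    objects = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"^object network (\S+)$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"^subnet (\S+) (\S+)$", line)
        if m and current:
            # ipaddress accepts a dotted netmask after the slash.
            objects[current] = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        # Any other top-level command ends the object block.
        current = None
    return objects


def parse_local_pools(config):
    """Return {name: (first_address, last_address)} for every 'ip local pool' line."""
    pools = {}
    for raw in config.splitlines():
        m = re.match(r"^ip local pool (\S+) (\S+)-(\S+)(?: mask (\S+))?$", raw.strip())
        if m:
            pools[m.group(1)] = (ipaddress.IPv4Address(m.group(2)),
                                 ipaddress.IPv4Address(m.group(3)))
    return pools


def uncovered_pool_addresses(config, pool_name, object_name):
    """Pool addresses that the named object does not cover, so the ACL/NAT referencing it miss them."""
    network = parse_network_objects(config)[object_name]
    first, last = parse_local_pools(config)[pool_name]
    return [ipaddress.IPv4Address(a)
            for a in range(int(first), int(last) + 1)
            if ipaddress.IPv4Address(a) not in network]


def object_matches_client(config, object_name, client_address):
    """True if a client with this tunnel address would be matched by rules using the object."""
    network = parse_network_objects(config)[object_name]
    return ipaddress.IPv4Address(client_address) in network


if __name__ == "__main__":
    missing = uncovered_pool_addresses(ASA_SNIPPET, "mdc3_VPN", "MDC3_VPN")
    print(f"{len(missing)} pool addresses not covered by MDC3_VPN: "
          f"{missing[0]} .. {missing[-1]}")
    print("MDC3_VPN matches", OBSERVED_CLIENT, "->",
          object_matches_client(ASA_SNIPPET, "MDC3_VPN", OBSERVED_CLIENT))
```

Run it as-is to see that 33 of the 41 pool addresses (.208 to .240) fall outside the /29 object, and that 10.10.10.20 is not matched by it at all; either condition means the haklab_access_in ACL and the NAT exemption in the post never apply to that client, which is a simple thing to rule out before looking further.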
08-12-2012 08:57 PM
Hi Daniel.
I am trying to figure out what you are trying to achieve with this ACL:
"access-list haklab_access_in extended permit ip object MDC3_VPN interface HAKlab"
Why not use the below since you want to access all resources behind HAKlab.
access-list haklab_access_in extended permit ip object MDC3_VPN any
HTH
Zubair