cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1258
Views
5
Helpful
12
Replies

Basic remote VPN setup help!

andrew.buel
Level 1
Level 1

        ..

12 Replies 12

mageenergis
Level 1
Level 1

Hi there.

Could this be an issue with your connection being dropped due to no translation rule being in place? Do your logs show anything?

Does something like this fix it?

nat (outside) 0 192.168.2.96 255.255.255.224 outside

Paul

jpoplawski
Level 1
Level 1

Definitely have something wrong with your no-nat statement...

access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.96 255.255.255.224

Just looking at your config, I'm assuming it would need to be

access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

If you're getting an IP, everything security-wise is okay.

Hope this helps, rate if it does.

JB

I changed it to reflect your comment but alas it did not change anything. I appreciate your input though.

Andrew

Your nonat acl was fine as your vpn pool handed out addresses that were in the range of 192.168.2.96 255.255.255.224.

Could you let us know which internal resources you are trying to connect to from the vpn client ?

Jon

I've had issues if my subnet doesn't match up with the DHCP Pool (PIX days) as the pool is a /24 and you're specifying a /27. Can you repost the latest config?

Thanks,

JB

My latest config...

I'm trying to hit the inside interface, 192.168.1.1 or anything on that subnet.

NAT (inside) 0 access-list inside_nat0_outbound

I don't think you need access-list inside_access_in extended permit icmp any any as the first line should cover it.

Hitting the inside interface of the firewall, I believe you would need to noNAT the outside interface to properly source the traffic. I think I've done it once and it was always easier to RDP to a box on the inside and bounce back out to the firewall.

Hope this helps, rate if it does.

JB

Not sure what you mean about no-natting the outside interface. Thanks for the help!

Again this is from my PIX days, but if you try and connect to the inside IP of the firewall, it attempts to send that traffic back out the interface. Might have gotten something goofed, or maybe it was a site to site VPN. It's been awhile. :)

Is everything operational then?

Hope this helps, rate if it does.

JB

Still not working.

This is my current config.

Hi Andrew,

Can you please try this command and see if you can ping the inside interface when VPNed?

management-access inside

-Rakesh

Review Cisco Networking for a $25 gift card