06-09-2009 06:12 AM - edited 03-04-2019 05:02 AM
06-09-2009 06:56 AM
Hi there.
Could this be an issue with your connection being dropped due to no translation rule being in place? Do your logs show anything?
Does something like this fix it?
nat (outside) 0 192.168.2.96 255.255.255.224 outside
Paul
06-09-2009 12:39 PM
Definitely have something wrong with your no-nat statement...
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.96 255.255.255.224
Just looking at your config, I'm assuming it would need to be
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
If you're getting an IP, everything security-wise is okay.
Hope this helps, rate if it does.
JB
06-09-2009 01:11 PM
I changed it to reflect your comment but alas it did not change anything. I appreciate your input though.
06-09-2009 01:18 PM
Andrew
Your nonat acl was fine as your vpn pool handed out addresses that were in the range of 192.168.2.96 255.255.255.224.
Could you let us know which internal resources you are trying to connect to from the vpn client?
Jon
06-09-2009 01:32 PM
I've had issues if my subnet doesn't match up with the DHCP Pool (PIX days) as the pool is a /24 and you're specifying a /27. Can you repost the latest config?
Thanks,
JB
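The disagreement in the two posts above (Jon: the pool addresses fall inside 192.168.2.96/27, so the nat0 ACL is fine; JB: the pool is a /24, so the /27 leaves part of it un-exempted) is easy to settle mechanically. The following is an added example, not code from the thread or from Cisco: it parses the quoted `access-list inside_nat0_outbound` lines with Python's `ipaddress` module and reports which part of a given VPN pool is still subject to NAT, which is exactly the case that silently breaks client-to-inside traffic. The inside subnet and pool sizes are taken from the thread; the helper names are this example's own.

```python
"""Check whether a VPN client pool is fully covered by an ASA/PIX nat0 (NAT
exemption) ACL. Added example, not from the original thread."""
import ipaddress

# The ACL exactly as quoted in the thread, and JB's proposed /24 replacement.
THREAD_ACL_LINES = [
    "access-list inside_nat0_outbound extended permit ip "
    "192.168.1.0 255.255.255.0 192.168.2.96 255.255.255.224",
]
PROPOSED_ACL_LINES = [
    "access-list inside_nat0_outbound extended permit ip "
    "192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0",
]


def parse_acl_line(line):
    """Parse 'access-list NAME extended permit ip SRC MASK DST MASK' into
    (name, src_network, dst_network). Only this host-mask form is handled;
    'host'/'any' keywords and object-groups are deliberately out of scope."""
    parts = line.split()
    if len(parts) < 9 or parts[0] != "access-list" \
            or parts[2:5] != ["extended", "permit", "ip"]:
        raise ValueError("unsupported ACL line: %r" % line)
    # ipaddress accepts a dotted netmask after the slash, so the ASA
    # 'address mask' pair can be joined directly.
    src = ipaddress.ip_network("%s/%s" % (parts[5], parts[6]), strict=False)
    dst = ipaddress.ip_network("%s/%s" % (parts[7], parts[8]), strict=False)
    return parts[1], src, dst


def uncovered_pool_space(acl_lines, inside_net, pool_net):
    """Return the (sorted) list of networks within pool_net that no ACL entry
    exempts from NAT for traffic sourced from inside_net. An empty list means
    every pool address is covered; anything else will be translated and the
    VPN client will never see the return traffic."""
    inside = ipaddress.ip_network(inside_net, strict=False)
    remaining = [ipaddress.ip_network(pool_net, strict=False)]
    for line in acl_lines:
        _, src, dst = parse_acl_line(line)
        if not inside.subnet_of(src):
            continue  # entry does not apply to this inside subnet
        still_natted = []
        for net in remaining:
            if net.subnet_of(dst):
                continue  # fully exempted by this entry
            if dst.subnet_of(net):
                # Partial overlap: CIDR blocks either nest or are disjoint,
                # so carving dst out of net is exact.
                still_natted.extend(net.address_exclude(dst))
            else:
                still_natted.append(net)
        remaining = still_natted
    return sorted(remaining)


def report(acl_lines, inside_net, pool_net):
    """Human-readable summary for one ACL / pool combination."""
    gaps = uncovered_pool_space(acl_lines, inside_net, pool_net)
    if not gaps:
        return "pool %s fully exempted from NAT" % pool_net
    return "pool %s NOT fully exempted; still NATed: %s" % (
        pool_net, ", ".join(str(g) for g in gaps))


if __name__ == "__main__":
    inside = "192.168.1.0/24"
    # Jon's reading: a pool that sits inside the /27 is fine as-is.
    print(report(THREAD_ACL_LINES, inside, "192.168.2.96/27"))
    # JB's reading: a /24 pool leaves 224 addresses un-exempted.
    print(report(THREAD_ACL_LINES, inside, "192.168.2.0/24"))
    # With the proposed /24 ACL both pool sizes are covered.
    print(report(PROPOSED_ACL_LINES, inside, "192.168.2.0/24"))
```

Running it shows that with the original /27 ACL a /24 pool leaves 192.168.2.0/26, 192.168.2.64/27 and 192.168.2.128/25 subject to NAT, so clients landing in those ranges would see the symptom described in the thread, while a /27 pool is fully exempted; widening the ACL to /24 covers either pool. On a live box the same question is answered by `show nat` or `packet-tracer`, but this check is useful when all you have is a pasted config.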
06-09-2009 01:36 PM
06-09-2009 01:34 PM
I'm trying to hit the inside interface, 192.168.1.1 or anything on that subnet.
06-09-2009 01:43 PM
NAT (inside) 0 access-list inside_nat0_outbound
I don't think you need access-list inside_access_in extended permit icmp any any as the first line should cover it.
Hitting the inside interface of the firewall, I believe you would need to noNAT the outside interface to properly source the traffic. I think I've done it once and it was always easier to RDP to a box on the inside and bounce back out to the firewall.
Hope this helps, rate if it does.
JB
06-09-2009 01:49 PM
Not sure what you mean about no-natting the outside interface. Thanks for the help!
06-09-2009 01:54 PM
Again this is from my PIX days, but if you try and connect to the inside IP of the firewall, it attempts to send that traffic back out the interface. Might have gotten something goofed, or maybe it was a site to site VPN. It's been awhile. :)
Is everything operational then?
Hope this helps, rate if it does.
JB
06-09-2009 02:11 PM
06-09-2009 05:23 PM
Hi Andrew,
Can you please try this command and see if you can ping the inside interface when VPNed?
management-access inside
-Rakesh