I have really little knowledge on how to setup an ASA5505.
I am working on one already setup but one configuration is not fully working and I can't figure how to fix it
network A (10.5.10.0) <-ASA5505---VPN-- STORMSHIELD-> network B (10.10.0.0)
This is the main setting and it is working, I can access a computer on 10.10.0.0 from a computer on 10.5.10.0
client less vpn (188.8.131.52) <---VPN ASA 5505---> network A (10.5.10.0)
This is working I can access a computer on network 10.5.10.0 from a computer connected through the clientless vpn, the client less vpn give an address in the rang 184.108.40.206.
My problem is that I can't access a compute on 10.10.0.0 form the computer connected via the client less vpn.
I think it is a NAT configuration but I can't figure out.
I am using the graphical interface 8.4 (4) 1 and the device manager version is 7.1(2)
Thank you for your help
As I have really little knowledge of how to set it up I need some help there.
1. If you get an IP address when you connect to the VPN, it means you're not using clientless ssl vpn, but anyconnect.
2. Configure on the ASA "same-security-traffic permit intra-interface".
3. Configure a twice NAT rule to exclude traffic from users (172.16.10.0) towards the remote site protected network(10.10.0.0) from being NAT'ed, like for example:
object network vpn_clients
subnet 172.16.10.0 255.255.255.0
object network vpn_remote_network
subnet 10.10.0.0 255.255.0.0
nat (NAMEIF_OF_OUTSIDE_INT NAMEIF_OF_OUTSIDE_INT) 1 source static vpn_clients vpn_clients destination static vpn_remote_network vpn_remote_network no-proxy-arp
There is a comma missing:
nat (NAMEIF_OF_OUTSIDE_INT, NAMEIF_OF_OUTSIDE_INT) 1 source static vpn_clients vpn_clients destination static vpn_remote_network vpn_remote_network no-proxy-arp
The command worked, it creates the nat (I think it is the same as I was trying yesterday) but still no ping from a computer on 176.... to 10.10...
Is there something else I should look at ?
Can you post the full current ASA configuration? You can PM me, if you don't want to share it here. Also, connect with the VPN client, generate some traffic towards the remote network and post the output of "show crypto ipsec sa detail" and "show vpn-sessiondb detail".