Beginner

Clientless vpn access route to another vpn ASA5505

Hello,

I have very little knowledge of how to set up an ASA5505.

I am working on one that is already set up, but one configuration is not fully working and I can't figure out how to fix it.

 

network A (10.5.10.0)  <-ASA5505---VPN-- STORMSHIELD-> network B (10.10.0.0)

This is the main setting and it is working, I can access a computer on 10.10.0.0 from a computer on 10.5.10.0

client less vpn (176.16.10.0) <---VPN ASA 5505---> network A (10.5.10.0)

This is working: I can access a computer on network 10.5.10.0 from a computer connected through the clientless VPN; the clientless VPN gives an address in the range 176.16.10.0.

My problem is that I can't access a computer on 10.10.0.0 from the computer connected via the clientless VPN.

I think it is a NAT configuration, but I can't figure it out.

I am using the graphical interface 8.4 (4) 1 and the device manager version is 7.1(2)

 

Thank you for your help

 

 

 

As I have really little knowledge of how to set it up I need some help there.

 

6 REPLIES 6
Rising star

Re: Clientless vpn access route to another vpn ASA5505

Hi,

 

   1. If you get an IP address when you connect to the VPN, it means you're not using clientless SSL VPN, but AnyConnect.

   2. Configure on the ASA "same-security-traffic permit intra-interface".

   3. Configure a twice NAT rule to exclude traffic from users (172.16.10.0) towards the remote site protected network (10.10.0.0) from being NAT'ed, like for example:

 

object network vpn_clients

 subnet 172.16.10.0 255.255.255.0

object network vpn_remote_network

 subnet 10.10.0.0 255.255.0.0

nat (NAMEIF_OF_OUTSIDE_INT NAMEIF_OF_OUTSIDE_INT) 1 source static vpn_clients vpn_clients destination static vpn_remote_network vpn_remote_network no-proxy-arp

 

Regards,

Cristian Matei.

      

     

Beginner

Re: Clientless vpn access route to another vpn ASA5505

Hi,

 

I tried it in the command-line interface, but it always tells me invalid input (see picture); the names of the networks are correct.

Did I miss something?

 

Rising star

Re: Clientless vpn access route to another vpn ASA5505

Hi,

 

   There is a comma missing:

 

nat (NAMEIF_OF_OUTSIDE_INT, NAMEIF_OF_OUTSIDE_INT) 1 source static vpn_clients vpn_clients destination static vpn_remote_network vpn_remote_network no-proxy-arp

 

Regards,

Cristian Matei.
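
As an added example (not code from this thread or from Cisco), a small Python check that a saved ASA configuration contains both prerequisites listed above: `same-security-traffic permit intra-interface` and an identity twice-NAT rule on one interface pair whose objects match the real client pool and remote network. The config text is constructed, `outside` is an assumed interface name, the function names are hypothetical, and the /24 and /16 prefixes follow the masks in the reply; note that the thread writes the client pool both as 176.16.10.0 and as 172.16.10.0, so the pool passed in must be the one the ASA actually hands out.

```python
import ipaddress
import re

# Constructed sample config (not the poster's real one); "outside" is an assumed nameif.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
object network vpn_clients
 subnet 172.16.10.0 255.255.255.0
object network vpn_remote_network
 subnet 10.10.0.0 255.255.0.0
nat (outside,outside) 1 source static vpn_clients vpn_clients destination static vpn_remote_network vpn_remote_network no-proxy-arp
"""

# The interface pair must be comma-separated; "(outside outside)" does not match.
NAT_RE = re.compile(
    r"^nat \((\S+?)\s*,\s*(\S+?)\)(?: \d+)? source static (\S+) (\S+)"
    r" destination static (\S+) (\S+)", re.M)
OBJ_RE = re.compile(r"^object network (\S+)\n subnet (\S+) (\S+)", re.M)

def parse_objects(config):
    """Map object name -> ip_network for 'object network' subnet definitions."""
    return {name: ipaddress.ip_network(f"{net}/{mask}")
            for name, net, mask in OBJ_RE.findall(config)}

def check_hairpin(config, client_net, remote_net):
    """Return the problems that would stop VPN-client -> remote-site hairpinning."""
    problems = []
    client, remote = ipaddress.ip_network(client_net), ipaddress.ip_network(remote_net)
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        problems.append("missing 'same-security-traffic permit intra-interface'")
    objects = parse_objects(config)
    for in_if, out_if, s_real, s_mapped, d_mapped, d_real in NAT_RE.findall(config):
        if (in_if == out_if and s_real == s_mapped and d_mapped == d_real
                and objects.get(s_real) == client and objects.get(d_real) == remote):
            break  # identity (exempt) twice NAT on the same interface pair found
    else:
        problems.append(f"no identity twice-NAT rule for {client} -> {remote}")
    return problems
```
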

Beginner

Re: Clientless vpn access route to another vpn ASA5505

Hello,

The command worked, it creates the NAT (I think it is the same as what I was trying yesterday), but still no ping from a computer on 176.... to 10.10...

 

Is there something else I should look at?

Rising star

Re: Clientless vpn access route to another vpn ASA5505

Hi,

 

   Can you post the full current ASA configuration? You can PM me, if you don't want to share it here. Also, connect with the VPN client, generate some traffic towards the remote network and post the output of "show crypto ipsec sa detail" and "show vpn-sessiondb detail".

 

Regards,

Cristian Matei.

Beginner

Re: Clientless vpn access route to another vpn ASA5505

Included are the 3 files.

I changed the IP, let me know if there is a problem with this.

Hope you can help me with this, I am really not familiar with this.

 

Thank you