The VPN Client can communicate with inside hosts but not with hosts on the Demilitarized Zone (DMZ). Network Address Translation (NAT) needs to be disabled on the DMZ interface.
Add a nonat configuration for the DMZ interface. For example, assume this configuration:
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpn_pool 192.168.1.1-192.168.1.254
access-list split_tunnel permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list split_tunnel
Enter these commands:
access-list split_tunnel permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (dmz) 0 access-list split_tunnel