03-25-2014 07:49 AM
Hi Community,
I have an issue whereby we are unable to access any hosts in the DMZ (192.168.22.0/24) when using the SSL AnyConnect VPN client. I suspect an ACL issue somewhere?
On the ASA I found this setting:
Configuration ---> Remote Access VPN ---> Network Client Access ---> Group Policies
For each group we have ---> Manage IPv4 filter
This is where I see Std ACLs with some entries:
Split_Tunnel: 192.168.0.0/16
VPN_Routes: 192.20.3.0/24
Can anyone advise if I just add the DMZ (192.168.22.0/24) subnet to the Split_Tunnel Std ACL?
Thank you.
03-27-2014 05:42 AM
There is not much point in adding 192.168.22.0/24 to the split tunnel ACL because it is already included in 192.168.0.0/16. It might be helpful to add 192.168.22.0 to the VPN_Routes ACL. Can you tell us what is 192.20.3.0/24 that is currently specified in that ACL?
Can you verify that devices in the DMZ have a route to the address pool for VPN?
HTH
Rick
04-13-2014 11:37 PM
Make sure your VPN traffic is NAT exempted.
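What a NAT exemption for the DMZ-to-VPN-client traffic discussed above can look like, as an added example that is not part of the original thread. It assumes ASA software 8.3 or later, interfaces named `dmz` and `outside`, and a placeholder AnyConnect address pool of 10.99.0.0/24; the object names and the host addresses in the test command are hypothetical too.

```cisco
! Added example, not from the thread. Assumptions: ASA 8.3+ NAT syntax,
! nameif values "dmz" and "outside", and a PLACEHOLDER VPN pool (10.99.0.0/24).
! Replace the pool with the one shown by "show running-config ip local pool".

! The DMZ subnet named in the question
object network DMZ_NET
 subnet 192.168.22.0 255.255.255.0

! Placeholder for the AnyConnect client address pool
object network VPN_POOL
 subnet 10.99.0.0 255.255.255.0

! Identity (twice) NAT: traffic between the DMZ and VPN clients is left
! untranslated. route-lookup makes the ASA use the routing table to pick
! the egress interface; no-proxy-arp stops it answering ARP for the pool.
nat (dmz,outside) source static DMZ_NET DMZ_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! Check that the rule exists and sits above any dynamic PAT rule for the DMZ
show running-config nat
show nat detail

! Simulate a DMZ host (constructed address) sending an ICMP echo to a VPN
! client (constructed address) and inspect the NAT and ACL phases
packet-tracer input dmz icmp 192.168.22.10 8 0 10.99.0.10 detailed
```

In the `packet-tracer` output, the NAT phase should match the exemption rule rather than a dynamic PAT rule; a drop in an ACCESS-LIST phase instead points back at the filter ACLs from the original question.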