cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

2079
Views
35
Helpful
21
Replies
Rising star

Re: No Internet Access for Full Tunnel

I think everyone's suggestion in the previous posts are correct. Did you try those suggestions all together?

1. You do need "nat (Outside) 1 192.168.10.0 255.255.255.0" if 192/168.10.0/24 is ip pool for vpn client.

2. You do need a valid DNS server address

3. You do need "same-security-traffic permit intra-interface"

4. You'd better remove "route Inside 0.0.0.0 0.0.0.0 172.16.3.102 tunneled"

By the way, when you ping www.google.com, is IP resolved?

In your log, I did not see any client IP 192.168.10.x but 192.168.1.1.

View solution in original post

Beginner

Re: No Internet Access for Full Tunnel

Thanks for your response, Kevin.  I have tried those suggestions all together.

1.  I added the NAT (Outside) 1 192.168.10.0 and still could not get on the internet.   I removed the NAT (Inside) statements and added the Nat (Outside) 1 192.168.10.0.  I could not get to the internal resources and internet.

2.  I have a valid DNS server address

3.  I have "same-security-traffic permit intra-interface" statement

4.  Remove "route Inside 0.0.0.0 0.0.0.0 172.16.3.102 tunneled"

When I ping www.google.com, the IP address is not resolved.  So, I had to ping Google's IP address instead.

It was my error, the IP address should be 192.168.10.0, not 192.168.1.0

Can you think of anything else?  Thanks.

Diane

Rising star

Re: No Internet Access for Full Tunnel

Can you ping IP address of www.google.com successfully?

If yes, your connectivity is good. It might be just DNS issue. When client is connected, use "nslookup" on client PC to see if it uses the correct DNS server and if DNS server can resolve the name to IP correctly.

Beginner

Re: No Internet Access for Full Tunnel

Kevin,

I can now get on the internet.  I put both NAT statements as recommended again by Nomair_83

nat (Inside) 0 access-list Inside_nat0_outbound

nat (Inside) 1 0.0.0.0 0.0.0.0

nat (Outside) 1 192.168.10.0 255.255.255.0

I don't know why these NAT statements did not work in the previous posts.

I would like to thank you and everyone for taking time to help me out.  You took time to read the posts and summarized what I should have in my config.  You guys are truly amazing. I will go back and rate each post.

Thanks.

Diane

Highlighted
Rising star

Re: No Internet Access for Full Tunnel

Diane,

Glad you made it work.

Just FYI. After you do any change on NAT commands, you'd better do a "clear xlate".

View solution in original post

Participant

Re: No Internet Access for Full Tunnel

Diane u dont have to remove nat (inside) commands and nat (outside) (vpn pool IP address) is required.

try to ping your dns server when connected and if it pings then try to browse google by IP : like http://IP of google.com.

try in command prompt ipconfig/flushdns

then try to browse/ping again..

View solution in original post

Beginner

Re: No Internet Access for Full Tunnel

Nomair_83

I can now get on the internet.  I readded the Nat (Outside) statement per your recommendation.  I don't know why these NAT statements did not work in the previous posts

nat (Inside) 0 access-list Inside_nat0_outbound

nat (Inside) 1 0.0.0.0 0.0.0.0

nat (Outside) 1 192.168.10.0 255.255.255.0

I want to thank you and everyone for taking time to help me out.  Your input has been very valuable.  Each of your response has contributed to provide me with a solution.  I will go back and rate each post.

Thanks.

Diane

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here