
Problems with VPN on 5515-X

clille.cisco
Level 1

Hi all!

I have set up VPN on my 5515-X and I can log in from the internet, and I get an IP address from the DHCP server, but I cannot ping or access anything on any VLANs or the internet. My workstation on the inside can ping the VPN client.

I want the VPN clients to access 2 VLANs: vlan3+4.

DHCP scope for VPN clients: 172.16.0.10 - 172.16.0.49

I think I have a problem with my NAT or access rules.

Under the AnyConnect connection profile I have set "Bypass interface access lists for inbound VPN sessions". Does this mean I don't have to set access rules for this traffic?

And I have this NAT rule:

nat (inside,vlan3) source static any any destination static NETWORK_OBJ_172.16.0.0_25 NETWORK_OBJ_172.16.0.0_25 no-proxy-arp route-lookup

I think it is something simple I have not set up correctly, and I appreciate any help.

Thanks

Carsten

3 Replies

Mike Williams
Level 5

Hi Carsten,

Your picture didn't seem to post properly. Can you post your config? It sounds like an identity NAT issue. 

The "bypass access-lists" just means that the VPN traffic will not be filtered by access-lists assigned to the firewall interfaces.

Regards,

Mike

nat (inside,vlan3) source static any any destination static NETWORK_OBJ_172.16.0.0_25 NETWORK_OBJ_172.16.0.0_25 no-proxy-arp route-lookup

It's impossible for me to determine the issue based on the info you have posted. If you can post a sanitized config, it would help greatly.

Regards,

Mike