remote access vpn can't ping internal network

Dears,

I did this configuration on the ASA for remote access VPN and the VPN is working, but I can't ping the internal network and can't access the servers.

vpn remote :
============

1)crypto ikev1 policy 1 encryption 3des
crypto ikev1 policy 1 hash sha
crypto ikev1 policy 1 group 2
crypto ikev1 policy 1 lifetime 86400
crypto ikev1 enable outside
wr


2)ip local pool testpool 172.16.10.10-172.16.10.100


3)username testuser password cisco123 privilege 15

4)crypto ipsec ikev1 transform-set mednet esp-3des esp-md5-hmac

5)access-list local standard permit 10.1.20.0 255.255.255.0
access-list local standard permit 10.1.10.0 255.255.255.0
access-list local standard permit 10.1.100.0 255.255.255.0
access-list local standard permit 10.1.2.0 255.255.255.0
access-list local standard permit host 10.1.0.100
access-list local standard permit host 10.1.0.107

group-policy mednetpolicy internal
group-policy mednetpolicy attributes
vpn-tunnel-protocol ipsec //new
split-tunnel-policy tunnelspecified
split-tunnel-network-list value local

6)tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
default-group-policy mednetpolicy

tunnel-group testgroup ipsec-attributes
ikev1 pre-shared-key cisco123

7)crypto dynamic-map dyn1 1 set ikev1 transform-set mednet
crypto dynamic-map dyn1 1 set reverse-route "optional"

8)crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside

write memory

2 REPLIES

Hello,

You're missing the NAT exemption; you can configure the following objects:

object-group network internal_network
 network-object 10.1.20.0 255.255.255.0
 network-object 10.1.10.0 255.255.255.0
 network-object 10.1.100.0 255.255.255.0
 network-object 10.1.2.0 255.255.255.0
 network-object host 10.1.0.100
 network-object host 10.1.0.107

object network client_pool
 subnet 172.16.10.0 255.255.255.128

nat (inside,outside) source static internal_network internal_network destination static client_pool client_pool no-proxy-arp route-lookup

Regards, please rate.
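
An added example, not part of the thread or either poster's own code: a Python check that the split-tunnel networks and the VPN address pool posted above are covered by the two objects the NAT exemption refers to. The function names and the embedded config text are constructed for this illustration, and the check covers address coverage only, not the presence or ordering of the nat rule itself.

```python
import ipaddress
import re

# Constructed sample: the address pool, split-tunnel ACL and NAT-exemption
# objects as posted in this thread.
CONFIG = """\
ip local pool testpool 172.16.10.10-172.16.10.100
access-list local standard permit 10.1.20.0 255.255.255.0
access-list local standard permit 10.1.10.0 255.255.255.0
access-list local standard permit 10.1.100.0 255.255.255.0
access-list local standard permit 10.1.2.0 255.255.255.0
access-list local standard permit host 10.1.0.100
access-list local standard permit host 10.1.0.107
object-group network internal_network
 network-object 10.1.20.0 255.255.255.0
 network-object 10.1.10.0 255.255.255.0
 network-object 10.1.100.0 255.255.255.0
 network-object 10.1.2.0 255.255.255.0
 network-object host 10.1.0.100
 network-object host 10.1.0.107
object network client_pool
 subnet 172.16.10.0 255.255.255.128
"""

NET = r"(?:host (\S+)|(\d\S+) (\d\S+))"  # 'host A' or 'A MASK'

def nets(prefix, text):
    """Return networks from lines of the form '<prefix> host A' or '<prefix> A MASK'."""
    found = set()
    for host, addr, mask in re.findall(rf"^\s*{re.escape(prefix)} {NET}\s*$", text, re.M):
        found.add(ipaddress.ip_network(host + "/32" if host else f"{addr}/{mask}"))
    return found

def audit(text):
    """List mismatches that would leave VPN traffic outside the NAT exemption."""
    problems = []
    acl = nets("access-list local standard permit", text)
    exempt = nets("network-object", text)
    client = nets("subnet", text)
    for n in sorted(acl, key=str):
        if not any(n.subnet_of(e) for e in exempt):
            problems.append(f"split-tunnel network {n} not in NAT-exempt source")
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", text, re.M)
    first, last = (ipaddress.ip_address(a) for a in m.groups())
    if not any(first in c and last in c for c in client):
        problems.append(f"pool {first}-{last} not inside client_pool")
    return problems
```

For the config as posted, `audit(CONFIG)` returns an empty list: the addresses in the suggested objects line up with the pool and the split-tunnel ACL.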

Dear Diego,

The problem still exists and I have packets discarded in the VPN client.
