11-20-2020 11:17 PM
Hello Team,
Please advise on my issue:
I have set up mobile VPN on a Firepower 2130. There are a few VLANs (20, 21, 22) on the FW for the inside network. Among them, VLAN 21 needs to access the internet, and I did manual NAT under policies.
When my PC is connected to the VPN, it cannot ping VLAN 21. If I remove the NAT rule, I can ping the VLAN 21 IP address. But I need VLAN 21 to have internet access and want
11-21-2020 12:04 AM
You probably need a NAT exemption rule, to ensure traffic between VLAN21 and the RAVPN network is not unintentionally NATed by another NAT rule. This new NAT rule would be placed above the dynamic NAT rule you created for internet access.
Please provide a screenshot of your current nat rules.
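The rule order described in this reply, as an added example that is not part of the original post and not the poster's configuration. It uses ASA-style syntax as it would appear in `show running-config nat`; the interface names (`vlan21`, `outside`), object names and subnets are constructed placeholders, and on an FMC-managed Firepower device the same two rules are created in the NAT policy rather than typed at the CLI.

```cisco
! Constructed sample objects: replace with the real VLAN 21 subnet and VPN pool
object network VLAN21_NET
 subnet 192.168.21.0 255.255.255.0
object network RAVPN_POOL
 subnet 10.10.50.0 255.255.255.0
!
! Rule 1: NAT exemption (identity NAT). Traffic between VLAN 21 and the
! VPN pool keeps its real addresses. It must sit above the dynamic rule,
! because manual NAT rules are evaluated top-down and the first match wins.
nat (vlan21,outside) 1 source static VLAN21_NET VLAN21_NET destination static RAVPN_POOL RAVPN_POOL no-proxy-arp route-lookup
!
! Rule 2: dynamic PAT for internet access from VLAN 21.
nat (vlan21,outside) 2 source dynamic VLAN21_NET interface
!
! Verification: confirm which rule a reply from VLAN 21 to a VPN client hits.
! The hosts 192.168.21.10 and 10.10.50.10 are constructed sample addresses.
show nat detail
packet-tracer input vlan21 icmp 192.168.21.10 8 0 10.10.50.10
```

If the packet-tracer NAT phase shows the dynamic rule being matched instead of the exemption, the exemption is either below it or its source and destination objects do not cover the real subnets.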
11-21-2020 03:40 AM
11-21-2020 05:25 AM
Hi Guys,
When I disable the NAT rules (internet access for VLAN 21), I am able to ping it. I also suspect it is due to the NAT rules.
But when I disable the NAT Exempt setting in the VPN, there is no effect in testing.
I tested two NAT rules for internet access, one manual NAT and one auto NAT (either one enabled), but it still does not work (unpingable). Please advise what the possible cause would be.
11-21-2020 02:18 AM
Can you please share the NAT config here,
all NAT in ASA.
11-21-2020 03:41 AM