12-11-2021 11:45 AM
Using AnyConnect as remote access on ASA for outside, and another FW for LAN.
How to use remote access to reach from LAN?
I configure VPN pool range to assign addresses in VPN profiles, but traffic is stuck from ASA and not going to LAN FW.
* Route from WAN to LAN exists
Any ideas will be appreciated.
12-11-2021 12:12 PM
@Waheed Eladawy Do you have a NAT exemption rule to ensure traffic is not unintentionally translated? Example:
nat (inside,outside) source static LAN LAN destination static RAVPN-POOL RAVPN-POOL
12-11-2021 12:36 PM
Yes, I have created it like this:
nat (LAN_FW_int,outside) source static LAN_Adresses des static VPN_Addresse_Pool
Note: I use a VPN pool subnet that does not exist on the LAN FW. I depend on existing routing to flow traffic to the LAN FW, and then policy will apply on the VPN pool address.
Thanks for the reply.
12-11-2021 12:40 PM
@Waheed Eladawy provide your configuration for review.
Run packet-tracer from the CLI to simulate the traffic flow, provide the output for review.
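The NAT exemption and packet-tracer check suggested in the replies above, written out as an added example (not posted by anyone in the thread). The object names LAN and RAVPN-POOL come from the reply; the interface names, subnets, host addresses and ports are constructed placeholders.

```cisco
! Constructed example values: replace the subnets and interface names with your own.
object network LAN
 subnet 10.10.0.0 255.255.0.0
object network RAVPN-POOL
 subnet 10.99.0.0 255.255.255.0
!
! Identity (twice) NAT: LAN stays LAN when talking to the VPN pool, and the
! pool stays the pool, so the traffic is never translated by another rule.
! Both the real and the mapped object are named on each side of the rule.
nat (inside,outside) source static LAN LAN destination static RAVPN-POOL RAVPN-POOL no-proxy-arp route-lookup
!
! Confirm the rule sits above any dynamic PAT rule and check its hit counts.
show run nat
show nat detail
!
! Simulate a LAN host (10.10.1.10) talking to a VPN client address (10.99.0.5).
! Use a pool address currently held by a connected client so the result
! reflects a live session. The output lists each phase (route lookup, ACL,
! NAT, VPN) and names the phase that drops the packet.
packet-tracer input inside tcp 10.10.1.10 12345 10.99.0.5 443 detailed
```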
12-11-2021 12:55 PM
It shows me that traffic is denied by access list deny (implicit), but all traffic from/to it is allowed.
12-19-2021 02:37 PM