- Cisco Community
- Technology and Support
- Security
- VPN
- AnyConnect VPN cant access internet or internal resources
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
AnyConnect VPN cant access internet or internal resources
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2016 07:00 AM
So cant access internet or internal resources from VPN outside the network. The VPN connects and gets IP from pool, but that's it.
Any help would be great.
hostname XXXX
domain-name XXXX.lan
enable password UakzpvWjM7F7Ikun encrypted
names
ip local pool SAP-VPN 192.168.1.120-192.168.1.125 mask 255.255.255.0
ip local pool VPN-Access 192.168.2.1-192.168.2.25 mask 255.255.255.0
!
interface GigabitEthernet1/1
description to WAN
nameif outside
security-level 0
ip address pppoe setroute
!
interface GigabitEthernet1/2
description to LAN
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
banner login XXXX
banner login ****Approved access only****
banner motd XXXX
banner motd ****No unauthorized access****
boot system disk0:/asa961-lfbff-k8.SPA
ftp mode passive
clock timezone gmt 0
dns server-group DefaultDNS
domain-name XXXX.lan
object network inside-subnet
subnet 192.168.1.0 255.255.255.0
object service Netwatch
service tcp source eq 555 destination eq 555
object network dvrserver_inside
host 192.168.1.251
object network dvrserver_outside
host 192.168.1.251
object network NETWORK_OBJ_192.168.1.120_29
subnet 192.168.1.120 255.255.255.248
object network sap-server
host 192.168.1.211
description sap-server
object network NETWORK_OBJ_192.168.1.160_27
subnet 192.168.1.160 255.255.255.224
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network milner-browne-ip
host 87.198.206.226
description public ip
object network netwatch-555
host 192.168.1.251
description tpc-555
object network netwatch-2001
host 192.168.1.251
description tcp-2001
object network netwatch-3000
host 192.168.1.251
description ucp-3000
object network netwatch-2222
host 192.168.1.251
description tcp 2222
object network sap-rdp
host 192.168.1.211
description sap
object network sap-30000
host 192.168.1.211
description port 30000
object network Sys-net-comms
host 83.71.23.85
description phones
object network Phones-PBX
host 192.168.1.250
description PBX
object network SIP-PBX-server
host 89.101.166.113
description SIP server
object network VPN_HTTPS
host 83.70.80.39
description VPN external IP
object network Remote-VPN
range 192.168.2.1 192.168.2.25
description VPN IPs
object-group network netwatch
network-object host 86.47.219.23
network-object host 185.5.240.176
network-object host 185.5.240.177
network-object host 78.137.179.212
object-group network haas
description bakery equipment
network-object host 193.242.155.112
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
object-group service netwatch-ports
service-object tcp destination eq 555
service-object tcp destination eq 2001
service-object udp destination eq 3000
service-object tcp destination eq 2222
service-object tcp source eq 10000
object-group service RDP tcp
port-object eq 3389
object-group service port-30000 tcp
description for milner browne
port-object eq 30000
object-group service DM_INLINE_TCP_1 tcp
group-object RDP
group-object port-30000
object-group service Phone-PBX tcp
description for viewing config file
port-object eq 35300
object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object tcp destination eq https
access-list outside_access_in extended permit tcp object-group netwatch object dvrserver_inside eq 555
access-list outside_access_in extended permit tcp object-group netwatch object dvrserver_inside eq 2001
access-list outside_access_in extended permit udp object-group netwatch object dvrserver_inside eq 3000
access-list outside_access_in extended permit tcp object-group netwatch object dvrserver_inside eq 2222
access-list outside_access_in extended permit tcp object-group haas any eq https
access-list outside_access_in extended permit tcp object-group haas any eq www
access-list outside_access_in extended permit udp object-group haas any eq 11444
access-list outside_access_in extended permit tcp object-group haas any eq 11444
access-list outside_access_in extended permit tcp object milner-browne-ip object sap-server object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp object Sys-net-comms object Phones-PBX object-group Phone-PBX
access-list outside_access_in remark SIP server
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object SIP-PBX-server object Phones-PBX eq sip
access-list outside_access_in remark required to block phantom calls
access-list outside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any eq sip
access-list outside_access_in extended permit tcp any interface inside eq ssh
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any 192.168.1.0 255.255.255.0
access-list outside_access_in remark SAP server acess
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit object-group TCPUDP object-group netwatch 192.168.1.0 255.255.255.0
access-list inside_access_out remark bakery equipment
access-list inside_access_out extended permit object-group TCPUDP object-group haas 192.168.1.0 255.255.255.0
access-list inside_access_out extended permit object-group DM_INLINE_PROTOCOL_1 object-group netwatch 192.168.1.0 255.255.255.0
access-list XXXXVPN_splittunnel standard permit 192.168.2.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging buffer-size 512000
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network inside-subnet
nat (inside,outside) dynamic interface
object network obj_any
nat (any,outside) dynamic interface
object network netwatch-555
nat (inside,outside) static interface service tcp 555 555
object network netwatch-2001
nat (inside,outside) static interface service tcp 2001 2001
object network netwatch-3000
nat (inside,outside) static interface service udp 3000 3000
object network netwatch-2222
nat (any,outside) static interface service tcp 2222 2222
object network sap-rdp
nat (inside,outside) static interface service tcp 3389 3389
object network sap-30000
nat (inside,outside) static interface service tcp 30000 30000
object network Phones-PBX
nat (inside,outside) static interface service tcp 35300 35300
!
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
access-group inside_access_out in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=XXXX
crl configure
crypto ca trustpoint XXXX-VPN
enrollment terminal
subject-name CN=XXXX,OU=Head-office,O=XXXX,C=IE,St=XXXX,L=Louth
crl configure
crypto ca trustpoint XXXX-Remote-VPN
enrollment self
subject-name CN=XXXX
crl configure
crypto ca trustpoint VPN_Access
enrollment self
fqdn XXXXvpn.ie
subject-name CN=XXXXvpn.ie
ip-address 83.70.80.39
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate 4048d257
308201d5 3082013e a0030201 02020440 48d25730 0d06092a 864886f7 0d010105
0500302f 310d300b 06035504 03130465 63626831 1e301c06 092a8648 86f70d01
0902160f 65636268 2e656362 616b652e 6c616e30 1e170d31 36303930 39313834
3033385a 170d3236 30393037 31383430 33385a30 2f310d30 0b060355 04031304
65636268 311e301c 06092a86 4886f70d 01090216 0f656362 682e6563 62616b65
2e6c616e 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181
00ab4552 1b54df1b b9601fb3 8703618d b24af04d 277c4a97 abfec345 a942499c
6ad5d823 d4c6eb50 3a5a27d5 33e38c1c e3f83ab8 5c12e388 ed806e0d 6941d605
27444184 1a9dfe3b b34aaeaf e5309fab db6487bc 14ba6484 4f6632df ad59a6f9
8de234ff f1624109 f862f601 13e28ac1 7a522432 f0e76c33 23707e05 a4d01fb4
13020301 0001300d 06092a86 4886f70d 01010505 00038181 009e525d 8917352e
959b77f6 4daf935f 1ff96950 e4932d0b 61c3a08b f15391a0 9e563f13 d9053e40
6ea2c8ab f5a95501 fb09326c 0a5a2e31 5c758ba9 a3f37fec 78f22ce9 7f4a5a90
73caf149 c37e49bd 07c42118 32e4416f acdfc6b6 558a1f65 79678290 d2779491
1b7cb9a6 c2822ba3 cf8b3240 ec9b43a2 2662b734 803e5d97 8b
quit
crypto ca certificate chain XXXX-Remote-VPN
certificate 4148d257
308201d5 3082013e a0030201 02020441 48d25730 0d06092a 864886f7 0d010105
0500302f 310d300b 06035504 03130465 63626831 1e301c06 092a8648 86f70d01
0902160f 65636268 2e656362 616b652e 6c616e30 1e170d31 36303932 32313233
3935355a 170d3236 30393230 31323339 35355a30 2f310d30 0b060355 04031304
65636268 311e301c 06092a86 4886f70d 01090216 0f656362 682e6563 62616b65
2e6c616e 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181
00ab4552 1b54df1b b9601fb3 8703618d b24af04d 277c4a97 abfec345 a942499c
6ad5d823 d4c6eb50 3a5a27d5 33e38c1c e3f83ab8 5c12e388 ed806e0d 6941d605
27444184 1a9dfe3b b34aaeaf e5309fab db6487bc 14ba6484 4f6632df ad59a6f9
8de234ff f1624109 f862f601 13e28ac1 7a522432 f0e76c33 23707e05 a4d01fb4
13020301 0001300d 06092a86 4886f70d 01010505 00038181 00056555 0fa103cc
3a74726a e45c54bc fe872b7b 25a49116 b65133e4 66d41fd9 4631a8c1 d9855bf2
0f49987b 111b16c2 7bd1d452 c41d04e1 1bd90a34 066e2360 f6c8fdf9 da893854
5b129b05 af5e919f dd869e63 42330602 4617269a 613e702c 9121ffde 23f43998
5016a707 7b5497ff f68e3d95 d7353dbf 055267af cad3501d 4d
quit
crypto ca certificate chain VPN_Access
certificate 3fffe357
30820213 3082017c a0030201 0202043f ffe35730 0d06092a 864886f7 0d010105
0500304e 31153013 06035504 03130c65 6362616b 6576706e 2e696531 35301806
092a8648 86f70d01 0908130b 38332e37 302e3830 2e333930 1906092a 864886f7
0d010902 160c6563 62616b65 76706e2e 6965301e 170d3136 30393232 31363035
34325a17 0d323630 39323031 36303534 325a304e 31153013 06035504 03130c65
6362616b 6576706e 2e696531 35301806 092a8648 86f70d01 0908130b 38332e37
302e3830 2e333930 1906092a 864886f7 0d010902 160c6563 62616b65 76706e2e
69653081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100ab
45521b54 df1bb960 1fb38703 618db24a f04d277c 4a97abfe c345a942 499c6ad5
d823d4c6 eb503a5a 27d533e3 8c1ce3f8 3ab85c12 e388ed80 6e0d6941 d6052744
41841a9d fe3bb34a aeafe530 9fabdb64 87bc14ba 64844f66 32dfad59 a6f98de2
34fff162 4109f862 f60113e2 8ac17a52 2432f0e7 6c332370 7e05a4d0 1fb41302
03010001 300d0609 2a864886 f70d0101 05050003 8181009e ba380ac5 1210656d
edcc7ab5 cd1cf1a1 68683025 d0278aae 80b65dde 6c5e2e1b 4e5d2d91 e05feb35
db7f6432 a2fae760 b2e3835a a509fb0f 030eaeff 62be8882 70e18453 609b3f34
3f82e645 160bfa5c 8cd2293a a8a6a3d1 0447112a ee3baf96 c93bcda2 c6fa2606
67c664bf ade497f5 8e4079b6 18962782 1d2f48f6 e742ae
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint VPN_Access
crypto ikev1 enable outside
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0
management-access inside
vpdn group Eircom request dialout pppoe
vpdn group Eircom localname eircome@eircom.net
vpdn group Eircom ppp authentication pap
vpdn group Eircome ppp authentication chap
vpdn username 041-9846006 password *****
dhcpd auto_config outside
!
ssl trust-point VPN_Access outside
ssl trust-point VPN_Access inside
webvpn
enable outside
enable inside
anyconnect image disk0:/anyconnect-macosx.pkg 1
anyconnect image disk0:/anyconnect-windows.pkg 2
anyconnect profiles XXXX-VPN_client_profile disk0:/XXXX-VPN_client_profile.xml
anyconnect profiles XXXX_vpn_client_profile disk0:/XXXX_vpn_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
wins-server value 192.168.1.210 192.168.1.211
dns-server value 192.168.1.210
vpn-tunnel-protocol l2tp-ipsec
default-domain value XXXX.lan
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
wins-server value 192.168.1.210 192.168.1.211
dns-server value 192.168.1.210
vpn-tunnel-protocol l2tp-ipsec
default-domain value XXXX.lan
webvpn
anyconnect profiles value XXXX_vpn_client_profile type user
group-policy GroupPolicy_XXXX-VPN internal
group-policy GroupPolicy_XXXX-VPN attributes
wins-server none
dns-server value 192.168.1.210
vpn-tunnel-protocol ikev2 ssl-client
split-tunnel-policy excludespecified
split-tunnel-network-list value XXXXVPN_splittunnel
default-domain value XXXX.lan
webvpn
anyconnect profiles value XXXX-VPN_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
username admin password HJY5VxYVxHWFQgxd encrypted privilege 15
username admin attributes
service-type admin
username XXXXvpn_33 password OmMFuHDIe12AjOd0 encrypted
username XXXXvpn_33 attributes
vpn-group-policy GroupPolicy_XXXX-VPN
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
password-storage disable
tunnel-group DefaultRAGroup general-attributes
address-pool SAP-VPN
default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group XXXX-VPN type remote-access
tunnel-group XXXX-VPN general-attributes
address-pool VPN-Access
default-group-policy GroupPolicy_XXXX-VPN
tunnel-group XXXX-VPN webvpn-attributes
group-alias XXXX-VPN enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ee01d95f1040b1d5ef0862569e7b48ae
: end
- Labels:
-
Remote Access
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2016 11:06 AM
What device is that configuration from ? What software version are you running (ASA and VPN client) ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2016 01:43 AM
ASDM 9.6, asa 5506. Anyconnect version 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2016 07:45 AM
Hello,
as far as I can tell, you are missing the following:
--> this creates a transform set and instructs IPSec to use transport mode:
ASA5500(config)#crypto ipsec transform-set vpn_l2tp_transform esp-3des esp-sha-hmac
ASA5500(config)#crypto ipsec transform-set vpn_l2tp_transform mode transport
--> this creates a connection profile and links it to the group policy containing the vpn tunnel protocol specification:
ASA5500(config)#tunnel-group vpn_tunnel type remote-access
ASA5500(config)#tunnel-group vpn_tunnel general-attributes
ASA5500(config-tunnel-general)#default-group-policy DefaultRAGroup_1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2016 01:21 PM
Exclude this traffic from NAT:
src 192.168.0.0/16 dst 192.168.0.0/16
and add at least a default route to outside.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide