ASA 5505 VPN no access to inside network

emnielsen
Level 1

Trying to set up an IPsec/L2TP VPN to provide full access to the internal network for remote users with only the Windows built-in VPN client.

The VPN client can connect successfully, but can't see anything on the inside network.

The ASA is not the gateway for hosts on the internal network.

name x.y.z.129 isp-gateway
name 172.16.1.0 vpn-address-pool
name 10.11.10.0 inside-network
name x.y.z.128 outside-network
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list vpn extended permit ip inside-network 255.255.254.0 vpn-address-pool 255.255.255.0
access-list outside_access_in extended permit ip any any
global (outside) 1 interface
nat (outside) 1 vpn-address-pool 255.255.255.0
nat (inside) 0 access-list vpn
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 isp-gateway 1

-----------------------------------------------

ciscoasa# show route
[...]
Gateway of last resort is cic-gateway to network 0.0.0.0
C    outside-network 255.255.255.128 is directly connected, outside
S    172.16.1.5 255.255.255.255 [1/0] via isp-gateway, outside
C    inside-network 255.255.254.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via isp-gateway, outside

1 Reply

Jennifer Halim
Cisco Employee

Did you configure a split tunnel or a no split tunnel policy?

Also, when you are connected and try to access the internal network, can you please share the output of:

show cry isa sa

show cry ipsec sa