Solved: ASA 5506-X - Cannot ping or RDP when using VPN

jjevans · ‎10-24-2021

Hello All,

I have a Cisco ASA 5506-X

I used the default config using version ASA Version 9.14(2)15 and this VPN with split tunnel tutorial to setup AnyConnect client using the Any Connect Wizard: https://www.petenetlive.com/KB/Article/0000069

The problem I am having is AnyConnnect VPN client connects just fine buy I cannot RDP or ping anything in my internal network. 192.168.1.0/24

I am very new to ASA so just wondering what I am doing wrong. Any insight is appreciated.

For whatever reason the wizard created an network object:

[OK] object network NETWORK_OBJ_192.168.1.128_26

object network NETWORK_OBJ_192.168.1.128_26

But at the end of the wizard it showed:

[ERROR] nat (inside,outside) 1 source static any any destination static NETWORK_OBJ_192.168.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup

nat (inside,outside) 1 source static any any destination static NETWORK_OBJ_192. 8.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup

ERROR: % Invalid input detected at '^' marker.

Not sure if that has anything to do with the issue I am trying to resolve. TIA

Rob Ingram · ‎10-24-2021

@jjevans it's probably complaining because you are using a BVI and the actual interfaces are inside_1, inside_2 etc.

Amend the NAT rules to include the correct nameif.

nat (inside_1,outside) 1 source static any any destination static NETWORK_OBJ_192.168.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup

View solution in original post

Rob Ingram · ‎10-24-2021

@jjevans it's probably complaining because you are using a BVI and the actual interfaces are inside_1, inside_2 etc.

Amend the NAT rules to include the correct nameif.

nat (inside_1,outside) 1 source static any any destination static NETWORK_OBJ_192.168.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup

jjevans · ‎10-24-2021

Nice work Rob. Yeah that was the issue. Really appreciate the insight.