取消
显示结果 
搜索替代 
您的意思是: 
cancel
697
查看次数
0
有帮助
2
回复

ASA 5506-X - Cannot ping or RDP when using VPN

jjevans
Level 1
Level 1

Hello All,

 

I have a Cisco ASA 5506-X

 

I used the default config using version ASA Version 9.14(2)15 and this VPN with split tunnel tutorial to setup AnyConnect client using the Any Connect Wizard: https://www.petenetlive.com/KB/Article/0000069

 

The problem I am having is AnyConnnect VPN client connects just fine buy I cannot RDP or ping anything in my internal network. 192.168.1.0/24

I am very new to ASA so just wondering what I am doing wrong. Any insight is appreciated.

 

For whatever reason the wizard created an network object:

[OK] object network NETWORK_OBJ_192.168.1.128_26

      object network NETWORK_OBJ_192.168.1.128_26

 

But at the end of the wizard it showed:

[ERROR] nat (inside,outside) 1 source static any any destination static NETWORK_OBJ_192.168.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup 

nat (inside,outside) 1 source static any any destination static NETWORK_OBJ_192.   8.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup

 

ERROR: % Invalid input detected at '^' marker.

 

Not sure if that has anything to do with the issue I am trying to resolve. TIA

1 个已接受解答

已接受的解答

@jjevans it's probably complaining because you are using a BVI and the actual interfaces are inside_1, inside_2 etc.

Amend the NAT rules to include the correct nameif.

 

nat (inside_1,outside) 1 source static any any destination static NETWORK_OBJ_192.168.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup 

 

在原帖中查看解决方案

2 条回复2

@jjevans it's probably complaining because you are using a BVI and the actual interfaces are inside_1, inside_2 etc.

Amend the NAT rules to include the correct nameif.

 

nat (inside_1,outside) 1 source static any any destination static NETWORK_OBJ_192.168.1.128_26 NETWORK_OBJ_192.168.1.128_26 no-proxy-arp route-lookup 

 

Nice work Rob. Yeah that was the issue. Really appreciate the insight.