1056 Views | 9 Helpful | 6 Replies

ASA 8.0x Hairpinning between IPSEC VPN's SOHO's and Anyconnect SSL VPN's

swharvey
Level 3

We have an ASA5520 running 8.0(12) and have ipsec vpn tunnels to soho asa5505's. With the same-security-traffic permit intra-interface command we do hairpinning between the soho vpn sites via the hub asa5520.

In addition, we recently added ssl licensing and configurations to enable Anyconnect ssl vpn access for remote clients, which works well.

The problem we are encountering is that we cannot get hairpinning to work between the soho ipsec devices and the Anyconnect ssl vpn clients.

Does the ASA5520 hub firewall support hairpinning between these technologies? If so, what troubleshooting items should I investigate to allow this connectivity to occur?

Thanks,

-Scott

6 Replies

Marwan ALshawi
VIP Alumni

Have you set up the right ACL for interesting traffic and NAT exemption from IPsec to the SSL clients?

The remote SOHO subnets are /29 subsets of 192.168.250.0/24, and the DHCP pool for the AnyConnect clients contains usable IPs within the 192.168.260.0/24 subnet. The nonat permit ACL is 192.168.0.0/16.

This nonat range should cover both the SSL VPN DHCP subnet and the SOHO IPsec /29 subnets (which are from the .250.0/24 subnet).

The fact that the SOHO VPN tunnels activate properly and connect traffic to other LAN 192.168.x.x subnets on the inside intranet interface of the hub ASA5520 tells me that the hub ASA5520 agrees with the interesting traffic ACLs.

You need an ACL sourced from the SOHO and destined to the SSL clients, and in the opposite direction as well, for NAT exemption, because the packet comes to the hub and then goes out, in both directions. Make sure to cover this point accurately.

And for simplicity of configuration and troubleshooting, I suggest you use a different IP addressing range for each VPN type, for example:

SSL 192.168.1.0/24

IPsec 192.168.2.0/24

for simplicity only.

Thank you for your help.

I found the problem, which was close to your suggestion. The solution was that I needed a nonat ACL containing the remote subnets, but I also needed an outside nat 0 command.

Example:

access-list nonat-remote extended permit ip any 192.168.240.0 255.255.255.0
access-list nonat-remote extended permit ip any 192.168.250.0 255.255.255.0
nat (outside) 0 access-list nonat-remote

Specifying the external nat 0 with ACLs that included the remote subnets resolved the problem.

Thanks again for the help.

-Scott
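As an added illustration of the two points this thread settles (the NAT-exemption ACL must match the VPN-to-VPN flow in both directions, and it must be bound with nat 0 on the interface where both VPN sessions terminate, i.e. outside), here is a small checker that parses ASA 8.0-style `access-list ... permit ip` and `nat (iface) 0 access-list` lines and reports which of those conditions a configuration fails. This is example code written for this page, not anything from the thread or from Cisco; the three configurations embedded below are constructed, using only the 192.168.240.0/24, 192.168.250.0/24 and 192.168.0.0/16 ranges the posts mention, and the hub's original inside-only nonat ACL is an assumption about what Scott's "before" configuration looked like.

```python
import ipaddress

# Constructed "before" configuration: NAT exemption exists only on the inside
# interface, which is why LAN-to-VPN worked but VPN-to-VPN hairpinning did not.
BEFORE_CONFIG = """\
same-security-traffic permit intra-interface
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
nat (inside) 0 access-list nonat
"""

# Constructed one-way configuration: exempts SOHO -> SSL clients only,
# the gap Marwan warned about (both directions are needed).
ONE_WAY_CONFIG = BEFORE_CONFIG + """\
access-list nonat-remote extended permit ip 192.168.250.0 255.255.255.0 192.168.240.0 255.255.255.0
nat (outside) 0 access-list nonat-remote
"""

# Constructed "after" configuration mirroring the fix Scott posted.
AFTER_CONFIG = BEFORE_CONFIG + """\
access-list nonat-remote extended permit ip any 192.168.240.0 255.255.255.0
access-list nonat-remote extended permit ip any 192.168.250.0 255.255.255.0
nat (outside) 0 access-list nonat-remote
"""


def _take_net(tokens, i):
    """Consume one ASA address spec (any | host A | A MASK) at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ASA writes network + dotted netmask; ipaddress accepts that form.
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_config(text):
    """Return (acls, nat0): ACL name -> [(src_net, dst_net)] for permit-ip
    ACEs, and interface name -> ACL name for 'nat (iface) 0 access-list'."""
    acls, nat0 = {}, {}
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "access-list" and "permit" in tokens and "ip" in tokens:
            i = tokens.index("ip") + 1
            src, i = _take_net(tokens, i)
            dst, i = _take_net(tokens, i)
            acls.setdefault(tokens[1], []).append((src, dst))
        elif (tokens[0] == "nat" and len(tokens) >= 5
              and tokens[2] == "0" and tokens[3] == "access-list"):
            nat0[tokens[1].strip("()")] = tokens[4]
    return acls, nat0


def hairpin_exemption_gaps(config_text, iface, net_a, net_b):
    """List what is missing for traffic between two VPN ranges that both
    terminate on `iface` to bypass NAT in both directions; [] when covered."""
    acls, nat0 = parse_config(config_text)
    gaps = []
    if "same-security-traffic permit intra-interface" not in config_text:
        gaps.append("same-security-traffic permit intra-interface is missing")
    acl_name = nat0.get(iface)
    if acl_name is None:
        gaps.append(f"no 'nat ({iface}) 0 access-list' statement")
        return gaps
    entries = acls.get(acl_name, [])
    a, b = ipaddress.ip_network(net_a), ipaddress.ip_network(net_b)
    # Each direction must be covered by a single ACE (src and dst both contained).
    for label, src, dst in ((f"{net_a} -> {net_b}", a, b), (f"{net_b} -> {net_a}", b, a)):
        if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries):
            gaps.append(f"{acl_name} does not exempt {label}")
    return gaps


if __name__ == "__main__":
    soho, ssl = "192.168.250.0/24", "192.168.240.0/24"
    for name, cfg in (("before", BEFORE_CONFIG), ("one-way", ONE_WAY_CONFIG), ("after", AFTER_CONFIG)):
        print(name, hairpin_exemption_gaps(cfg, "outside", soho, ssl) or "OK")
```

Run it directly to see the "before" configuration fail for lack of an outside nat 0, the one-way ACL fail on the SSL-to-SOHO direction, and the posted fix pass. The check is deliberately strict (each direction must be matched by one ACE covering the whole range), which is the form most NAT-exemption ACLs take; it only inspects permit-ip ACEs and ignores the rest of the configuration.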

I am happy it worked,

and this is a 5+ from me for this external nat 0.

But I am wondering why it worked on the outside!!!!

Hi Kiran,

I'm a beginner in SSL VPN and I'd like to know

what I need to have an ASA 5520 in my headquarters and have remote access for about 100 users.

I know that I have to buy 100 licences for this; how much are these licences? What configuration do I have to put on my ASA? My clients use Solaris 10 and Red Hat Enterprise 5. What do I have to install or configure on their machines?

Thanks