10-10-2020 12:47 AM
Dear Team,
I have using Cisco ASA I have configured L2TP/IPsec VPN, Users able to connect from out side network and able to reachable Inside Network but VPN users unable to use internet.
When I will untick network gateway under VPN setting I will able to use internet but not reachable form inside network.
I have note that internet is working form my local network not going through VPN & CISCO ASA.
Can some one guide to resolved issue ASA
Solved! Go to Solution.
10-10-2020 12:54 AM
Hi @sachinc01
Try adding this NAT:
object network NETWORK_OBJ_10.84.37.192_26
nat (GTMH_Outside,GTMH_Outside) dynamic interface
If this doesn't work please run a packet-tracer from the CLI and provide the output for review.
HTH
10-13-2020 05:04 AM
In your packet-tracer example the traffic does not appear to be hitting the NAT rule provided in the example above. It is matching another NAT rule. Try temporarily removing the NAT rule for testing, e.g.
no nat (GTMH_Outside,GTMH_Outside) source static any any destination static NETWORK_OBJ_10.84.37.192_26 NETWORK_OBJ_10.84.37.192_26 no-proxy-arp
....or amend this NAT rule and replace "any any" and be more specific with the source network
Make the change and test again
10-10-2020 12:54 AM
Hi @sachinc01
Try adding this NAT:
object network NETWORK_OBJ_10.84.37.192_26
nat (GTMH_Outside,GTMH_Outside) dynamic interface
If this doesn't work please run a packet-tracer from the CLI and provide the output for review.
HTH
10-10-2020 03:27 AM
Dear Sir,
Thanks for help I have run below command for VPN Users
ciscoasa(config)# object network dial
nat (GTMH_Outside,GTMH_Outside) dynamic interface
PFA packet tracer,
I have untick on VPN setting (default gateway on remote network )but my traffic gong through Local Network to reach internet
but no access inside network through VPN,
When untick I able to reach inside network but VPN users no internet access
10-13-2020 04:14 AM
Dear Sir,
I was done config but issue not resolved yet I have send Packet tracer report please check and revert.
10-13-2020 05:04 AM
In your packet-tracer example the traffic does not appear to be hitting the NAT rule provided in the example above. It is matching another NAT rule. Try temporarily removing the NAT rule for testing, e.g.
no nat (GTMH_Outside,GTMH_Outside) source static any any destination static NETWORK_OBJ_10.84.37.192_26 NETWORK_OBJ_10.84.37.192_26 no-proxy-arp
....or amend this NAT rule and replace "any any" and be more specific with the source network
Make the change and test again
10-13-2020 05:53 AM - edited 10-13-2020 07:45 AM
Dear Sir,
Thanks a lot Issue has been resolved :):)
Thanks for grate Support !!!!!
Now I want to allow 4 Website to VPN users & other side need to block how to do this please guide,
Or shared link how to do this.
Regards,
Sachin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide