
Can't access LAN resources through VPN

Hello, when I connect to the VPN I can't ping the connected servers in the LAN.

Please, someone help me access the LAN server 192.168.0.x while also being connected to the WAN and accessing websites.
Thanks.

 

 

6 Replies

Hi @sandrik31199760347 

You need a NAT exemption rule, to ensure traffic from the internal network to the RAVPN network is not natted.

E.g.

 

nat (any,outside) source static LAN LAN destination static VPN-PAT VPN-PAT no-proxy-arp

 HTH

Doesn't work. I tried this too.

Also, your configuration output shows you applied an access list on the outside interface allowing all IP traffic. This is very bad practice, and defeats the firewall's purpose all the way. You don't need that access list on the outside interface, so you can remove it and allow only what should be allowed. That does not include AnyConnect traffic unless you have the no sysopt connection permit-vpn command applied. In that case, you would need to define the AnyConnect range to be allowed to your internal LAN, or specific resources on specific ports/protocols.

When I removed this access list, my LAN is not doing NAT to global.

NAT/PAT would have nothing to do with the outside ACL. Regarding AnyConnect connectivity to the internal LAN, if you have sysopt connection permit-vpn disabled, then you need to explicitly allow the VPN traffic on the outside ACL.
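An added example, not part of the thread and not the poster's configuration: a small Python check that flags a permit-everything ACL bound inbound to the outside interface and reports whether the VPN ACL bypass is disabled. The sample config, the ACL names and the 10.10.10.0/24 VPN pool are constructed assumptions; it also assumes the bypass only appears in the running config when disabled, as no sysopt connection permit-vpn.

```python
import re

# Constructed sample config (assumption, not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit ip any any
access-list INSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside
access-group INSIDE_IN in interface inside
no sysopt connection permit-vpn
"""

# "permit ip any any" (or any4), optionally followed by options such as "log".
PERMIT_ALL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+any4?\s+any4?(\s|$)")
# ACL applied inbound on a named interface.
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")


def audit(config, interface="outside"):
    """Return permit-all ACLs bound inbound to `interface` and the bypass state."""
    lines = [ln.strip() for ln in config.splitlines()]
    permit_all, bound = set(), set()
    for ln in lines:
        m = PERMIT_ALL_RE.match(ln)
        if m:
            permit_all.add(m.group(1))
        m = GROUP_RE.match(ln)
        if m and m.group(2) == interface:
            bound.add(m.group(1))
    return {
        # Only ACLs that are both wide open AND applied to the interface matter.
        "permit_all_acls": sorted(permit_all & bound),
        # With the bypass disabled, VPN traffic must be permitted explicitly.
        "vpn_bypass_disabled": "no sysopt connection permit-vpn" in lines,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
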

From what I understand, you use RA VPN to access the LAN and access the internet?
Please see the config. I make this note for all.