10-30-2020 11:44 AM
Hello, when I connect to the VPN I can't ping the connected servers in the LAN.
Please, can someone help me access the LAN server 192.168.0.x while also being connected to the WAN and accessing websites?
Thanks.
10-30-2020 12:01 PM
You need a NAT exemption rule, to ensure traffic from the internal network to the RAVPN network is not natted.
E.g.
nat (any,outside) source static LAN LAN destination static VPN-PAT VPN-PAT no-proxy
HTH
10-31-2020 02:20 AM
Doesn't work, I tried this too.
10-30-2020 12:38 PM
Also, on your configuration output it shows you applied an access list on the outside interface allowing all IP traffic. This is very bad practice, and defeats the firewall's purpose all the way. You don't need that access list on the outside interface, so you can remove it and allow only what should be allowed. That does not include AnyConnect traffic unless you have the no sysopt connection permit-vpn command applied. In that case, you would need to define the AnyConnect range to be allowed to your internal LAN, or specific resources on specific ports/protocols.
10-31-2020 02:21 AM
When I removed this access list, my LAN is not doing NAT to global.
11-04-2020 11:12 AM
NAT/PAT would have nothing to do with the outside ACL. Regarding AnyConnect connectivity to the internal LAN, if you have sysopt connection permit-vpn disabled, then you need to explicitly allow the VPN traffic on the outside ACL.
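Added example, not taken from any post in this thread or from the poster's configuration: the NAT exemption and the outside ACL cleanup discussed above, written out as one ASA configuration. The LAN mask (/24), the AnyConnect pool 10.10.10.0/24, the interface names inside/outside, the object name VPN-POOL and the ACL name OUTSIDE_IN are all assumptions.

```cisco
! Assumed values: LAN is 192.168.0.0/24, the AnyConnect pool is 10.10.10.0/24
! (constructed), interfaces are inside/outside, ACL name OUTSIDE_IN is hypothetical.
object network LAN
 subnet 192.168.0.0 255.255.255.0
object network VPN-POOL
 subnet 10.10.10.0 255.255.255.0
!
! NAT exemption (identity NAT): traffic between the LAN and the VPN pool is
! left untranslated in both directions. As a manual (section 1) rule it is
! evaluated before object NAT; if the internet PAT is also a manual rule,
! this line must sit above it.
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup
!
! Weak setting: an outside ACL that permits all inbound IP traffic.
!   access-list OUTSIDE_IN extended permit ip any any
! Remove that entry:
no access-list OUTSIDE_IN extended permit ip any any
!
! Option A (ASA default): decrypted VPN traffic bypasses interface ACLs,
! so no outside ACL entry is needed for AnyConnect clients.
sysopt connection permit-vpn
!
! Option B: bypass disabled, so the pool must be permitted explicitly on the
! outside ACL. Narrow "ip" to specific ports/protocols where possible.
!   no sysopt connection permit-vpn
!   access-list OUTSIDE_IN extended permit ip object VPN-POOL object LAN
!   access-group OUTSIDE_IN in interface outside
```

To check which NAT rule a LAN-to-client reply matches, `packet-tracer input inside icmp 192.168.0.10 8 0 10.10.10.5 detail` (constructed addresses) should show the exemption rule and not the dynamic PAT rule.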
10-31-2020 07:10 AM
From what I understand, you use RA VPN to access the LAN and access the internet?
Please see the config; I make this note for all.