05-27-2014 09:02 AM - edited 02-21-2020 07:39 PM
Hello - I have set up a Remote access VPN on an ASA. The tunnel seems to come up ok but I cannot access any local resources. I have searched the forums and Google and for some reason cannot get it to work. Could someone have a look for me and point me in the right direction?
Thank you
gm
05-29-2014 01:53 AM
Hi,
Which IP are you trying to reach? Are you able to ping from the ASA to that internal IP?
As I can see, there is no route back to your internal network.
Thanks
05-29-2014 02:03 PM
Which local network are we talking about? The local network connected to the ASA or the local network from where the RA users are connecting from?
There is no need for a route statement, the internal network is directly connected to the ASA.
Your config looks fine, though I have seen some issues with VPN when using the any keyword. Change the no NAT statement to be more specific since you are doing split tunneling anyway.
access-list NONAT extended permit ip 192.168.0.0 255.255.255.0 192.168.115.0 255.255.255.0
Change the statement and test. Let us know how it goes.
--
Please remember to select a correct answer and rate helpful posts
05-29-2014 04:40 PM
Thanks for the reply. I changed the NONAT statement as suggested above and it still isn't working. I did get it working by adding an ACL to the outside and inside interfaces permitting the specific VPN traffic. I was under the understanding that the sysopt connection permit-vpn command bypassed ACLs and I didn't need those statements, but it's working.
Thanks all for the replies
gm
05-30-2014 02:32 AM
The sysopt connection permit-vpn command bypasses the ACL on the outside interface...not the ACL on the inside interface.
Glad you got it working
--
Please remember to select a correct answer and rate helpful posts