09-29-2010 06:27 AM
Hello All,
It makes now several days that I'm trying to find where the problem can be, but it's becoming very frustrating to stay blocked...
Here is the picture of what I have to configure:
The client says he sends packets, I can see them arriving, but the client is unable to connect to the WebServer, neither to ping it.
Do you have a solution to this problem. Configuration is attached.
09-29-2010 08:19 AM
when you do a ping test, please capture packets on the inside of asa nad see if you see them leaving the inside of firewall
secondly, how is th etunnel configured is your cryto acl natted ip or is it private to private
thirdly, is th eother traffic through the vpn working fine
09-29-2010 08:41 AM
Hi,
How are the clients trying to access the server. Are they using the IP address 192.168.0.2 or the NATed IP 10.12.231.1?
I noticed a static policy NAT with the destination IP as "any" as below:
access-list inside_nat_static_1 extended permit ip host InovaSuite-Server any
static (inside,outside) 10.12.231.1 access-list inside_nat_static_1
We can as well change it to just "static (inside,outside) 10.12.231.1 InovaSuite-Server".
Also, any reason why you have the below static command?
static (outside,outside) InovaSuite-Server access-list outside_nat_static_1
I could not make much sense out of it.
Thanks and Regards,
Prapanch
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide