We have a Remote IPSec VPN setup on our Cisco ASA 5505.
This allows a connection; however, when we try to route traffic for our internal network, plus a set of external IPs, the traffic is blocked for VPN users.
I am presuming this is either an ACL or NAT issue, but I'm not sure exactly.
I have created the following:
access-list skiddlevpn_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list skiddlevpn_splitTunnelAcl standard permit 188.8.131.52 255.255.255.252
access-list skiddlevpn_splitTunnelAcl standard permit 184.108.40.206 255.255.255.25
I have also noticed that the DHCP pool we use for VPN clients is overlapping with our internal network:
ip local pool CiscoVPNDHCPPool 192.168.2.130-192.168.2.149 mask 255.255.255.0
This has worked before, but perhaps I'm now missing something?
I have noticed a few errors such as this, which I'm not sure are connected:
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:192.168.2.130/54762 dst inside:OfficeWindowsServer/53 denied due to NAT reverse path failure
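As an added example (not part of the original question, and not something run on the poster's ASA), the following Python checker cross-checks the three fragments quoted above. It flags the ACL line whose mask is not a contiguous netmask, reports which split-tunnel networks the local pool falls inside (192.168.2.130-149 lies within 192.168.2.0/24), and parses the %ASA-5-305013 line to show that the denied flow's source is a pool address arriving on outside and bound for inside. Two common causes for that message are a client pool that overlaps a subnet behind the ASA and a missing NAT exemption for VPN-to-inside traffic; the posted fragments only let the checker test the first. The config and log strings are copied from the post and embedded as constants.

```python
import ipaddress
import re

# Constructed copies of the fragments quoted in the post; nothing here was pulled from a live ASA.
SPLIT_TUNNEL_ACL = """\
access-list skiddlevpn_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list skiddlevpn_splitTunnelAcl standard permit 188.8.131.52 255.255.255.252
access-list skiddlevpn_splitTunnelAcl standard permit 184.108.40.206 255.255.255.25
"""
LOCAL_POOL = "ip local pool CiscoVPNDHCPPool 192.168.2.130-192.168.2.149 mask 255.255.255.0"
SYSLOG_305013 = (
    "%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
    "Connection for udp src outside:192.168.2.130/54762 dst inside:OfficeWindowsServer/53 "
    "denied due to NAT reverse path failure"
)

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+standard\s+permit\s+(\S+)\s+(\S+)$")
POOL_RE = re.compile(r"^ip local pool\s+(\S+)\s+(\S+)-(\S+)\s+mask\s+(\S+)$")
LOG_RE = re.compile(r"src\s+(\w+):([\w.-]+)/(\d+)\s+dst\s+(\w+):([\w.-]+)/(\d+)")


def valid_mask(mask: str) -> bool:
    """True only for a contiguous dotted-quad netmask (ones followed by zeros)."""
    try:
        bits = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        return False
    inverted = (~bits) & 0xFFFFFFFF          # the host bits
    return inverted & (inverted + 1) == 0    # host bits must be one run of trailing ones


def parse_acl(text: str):
    """Split a standard ACL into usable networks and lines whose mask cannot be parsed."""
    networks, bad_lines = [], []
    for raw in text.splitlines():
        m = ACL_RE.match(raw.strip())
        if not m:
            continue
        _name, host, mask = m.groups()
        if not valid_mask(mask):
            bad_lines.append(raw.strip())
            continue
        networks.append(ipaddress.ip_network(f"{host}/{mask}", strict=False))
    return networks, bad_lines


def parse_pool(line: str):
    """Return (name, first_address, last_address) for an 'ip local pool' line."""
    name, first, last, _mask = POOL_RE.match(line.strip()).groups()
    return name, ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)


def pool_overlaps(first, last, networks):
    """Networks that share at least one address with the pool range [first, last]."""
    return [n for n in networks
            if first <= n.broadcast_address and last >= n.network_address]


def parse_305013(line: str):
    """Pull interfaces, endpoints and ports out of an ASA-5-305013 message."""
    src_if, src, sport, dst_if, dst, dport = LOG_RE.search(line).groups()
    return {"src_if": src_if, "src": src, "sport": int(sport),
            "dst_if": dst_if, "dst": dst, "dport": int(dport)}


def audit(acl_text: str, pool_line: str, syslog_line: str) -> dict:
    """Cross-check the split-tunnel ACL, the client pool and one denied-flow log line."""
    networks, bad_lines = parse_acl(acl_text)
    pool_name, first, last = parse_pool(pool_line)
    event = parse_305013(syslog_line)
    try:
        src_in_pool = first <= ipaddress.IPv4Address(event["src"]) <= last
    except ipaddress.AddressValueError:   # source logged as an object name, not an address
        src_in_pool = False
    return {
        "pool": pool_name,
        "bad_masks": bad_lines,
        "overlaps": [str(n) for n in pool_overlaps(first, last, networks)],
        "event": event,
        "src_in_pool": src_in_pool,
    }


if __name__ == "__main__":
    for key, value in audit(SPLIT_TUNNEL_ACL, LOCAL_POOL, SYSLOG_305013).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the posted fragments; to reuse it against another ASA, paste that device's `show run access-list`, `show run ip local pool` and the syslog line into the three constants. The overlap check compares the pool range against every network the split-tunnel ACL permits, so it also catches a pool that collides with one of the external /30s, not only with the inside /24.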