07-29-2009 05:45 PM
My problem is just as the title states. Any internal host can access the Internet without any issues. When I VPN into the network I can access all internal networks but am unable to access any Internet sites.
I've used packet tracer in ASDM with the following settings: an address from the vpn pool and the address of an external website with all the appropriate ports. Packet tracer says the packet should be allowed.
Also, with logging set to debug I never see a packet hit the log that is destined for Internet land.
DNS appears to be functioning as it should.
What am I missing! Thanks in advance for all of your help.
07-29-2009 07:53 PM
Hi, from your description it seems you have configured RA VPN as full tunnel? If this is the case, could you confirm you are NATing your VPN network for outbound?
Typically, for RA full-tunnel outbound Internet you would NAT the VPN pool network and allow that traffic back out the same interface it came in, with the same-security permit intra-interface statement.
nat (outside) 1
same-security-traffic permit intra-interface
Have a look here for reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml
Regards
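The check described in the reply above can be run offline against a saved running-config. This is an added example, not part of the original thread or Cisco's documentation; it assumes the pre-8.3 `nat`/`global` syntax the reply uses, that Internet-bound traffic is translated by a `global (outside)` entry with the same NAT id, and a constructed pool name and addresses.

```python
import ipaddress
import re

# Constructed pre-8.3 ASA config excerpt; pool name and all addresses are made up.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 192.168.50.10-192.168.50.50 mask 255.255.255.0
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
"""

# The same excerpt with the two statements from the reply added (pool network is constructed).
FIXED_CONFIG = SAMPLE_CONFIG + """\
nat (outside) 1 192.168.50.0 255.255.255.0
same-security-traffic permit intra-interface
"""


def audit_hairpin(config, iface="outside"):
    """Return findings that would keep full-tunnel VPN clients off the Internet."""
    findings = []
    ifc = re.escape(iface)
    if not re.search(r"^[ \t]*same-security-traffic permit intra-interface[ \t]*$", config, re.M):
        findings.append("missing: same-security-traffic permit intra-interface")
    # NAT ids that have a translated address configured on the interface.
    global_ids = set(re.findall(rf"^[ \t]*global \({ifc}\) (\d+) ", config, re.M))
    # Networks matched by 'nat (<iface>) <id> <net> <mask>'; id 0 (no translation) is skipped.
    nat_rules = [
        (nid, ipaddress.ip_network(f"{net}/{mask}", strict=False))
        for nid, net, mask in re.findall(
            rf"^[ \t]*nat \({ifc}\) (\d+) ([\d.]+) ([\d.]+)", config, re.M)
        if nid != "0"
    ]
    for name, first, last in re.findall(
            r"^[ \t]*ip local pool (\S+) ([\d.]+)-([\d.]+)", config, re.M):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        ids = [nid for nid, net in nat_rules if lo in net and hi in net]
        if not ids:
            findings.append(f"pool {name}: no nat ({iface}) rule covers {first}-{last}")
        elif not global_ids.intersection(ids):
            findings.append(f"pool {name}: nat id {ids[0]} has no global ({iface})")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(label, audit_hairpin(cfg) or "ok")
```

An empty result means only that the three statements line up; access lists and split-tunnel policy are not examined.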