Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
25191
Views
8
Helpful
17
Replies

No internet access while connected through Remote Access VPN...??

Go to solution
Magdiel Irad Sanchez Reyna
Level 1
Level 1

‎05-07-2012 09:24 AM - edited ‎02-21-2020 06:02 PM

Hi Everyone,

Im new in ASA configuration so I really need some advise, my requirements are these:

  • Have remote VPN access to the whole Remote LAN segment 10.0.0.0 255.0.0.0 ( includes NEXUS,UCS, CUCM,DMS, Wireless ..etc)
  • Able to telnet/ssh remote devices and admin access to http/https enabled technologies.
  • Internet traffic send over my local ISP not remote LAN Internet
  • For the first instance, let all the INSIDE hosts (10.0.0.0) (connected with a L3 switch and so on) have internet access for demo purposes.

Basically, those are my needs (not too much to ask!!) I already made most of the config but it took me 2 days to figure out some things but now i have

the issue that cannot access http/https to UCS or CUCM (10.1.1.4) and while i am connected to VPN cant surf or seek for answers on the web using my

local Internet .

Im gonna post my ASA config and the directly connected L3 switch for you expert guys to help me fugure out my mistake.. ok!

Thanks in advance !!

Labels:
127537-ASA-5540.zip
127538-3560X.zip
0 Helpful
17 Replies 17

Go to solution
rizwanr74
Level 7
Level 7
In response to Magdiel Irad Sanchez Reyna

‎05-08-2012 06:18 AM

Hi there,

Please copy this lines on your running config.

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac


crypto dynamic-map dynacrpto 65535 set ikev1 transform-set ESP-AES-128-SHA


crypto map crypto-map 65535 ipsec-isakmp dynamic dynacrpto
crypto map crypto-map interface OUTSIDE

crypto ikev1 enable OUTSIDE

Please let me know the progress.

thanks

0 Helpful

Go to solution
Magdiel Irad Sanchez Reyna
Level 1
Level 1
In response to rizwanr74

‎05-08-2012 12:03 PM

Thanks Rizwan,

I made some changes and i already have internet access while in Remote VPN, the only issue that am facing

is that cant have connectivity to some subnets.....I guess i need to add them to the split-tunneling acl or have to add more than that?

0 Helpful

Go to solution
rizwanr74
Level 7
Level 7
In response to Magdiel Irad Sanchez Reyna

‎05-08-2012 12:14 PM

You need to create a no-nat between your internal network(s) and remote-vpn ip-pool and add that particular networks on the split-tunnel ACL.

object network obj-myinside-network

subnet x.x.x.x 255.255.255.0

nat (inside,outside) source static obj-myinside-network obj-myinside-network destination static VPN-POOL VPN-POOL

Hope that helps.

thanks

0 Helpful
Customers Also Viewed These Support Documents