10-01-2010 01:06 AM
Hi
This week I configured a remote access VPN to an ASA 5510.
See this topic: https://supportforums.cisco.com/message/3191344#3191344
Thanks to the support, I can connect now, but I still don't have any local LAN access when I connect with my VPN client.
My internal DHCP pool is 192.0.0.0 255.255.255.0
My DHCP pool is 192.0.1.0 255.255.255.0
I have attached my running config, and some screenshots from my VPN client when connected.
Any help would be appreciated.
10-01-2010 01:14 AM
You've added an incorrect NAT exemption ACL. It should be:
access-list inside_nat0_outbound_1 extended permit ip any 192.0.1.0 255.255.255.0
and to test pinging the inside interface, pls add:
management-access inside
Hope that resolves the issue.
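An added example, not part of the original posts: a small Python check that a NAT exemption ACL matches traffic from the inside network to the whole VPN pool, which is what the corrected line above achieves. The sample configurations are constructed; the "before" line is a hypothetical mistake, not the poster's actual config, and the function names are illustrative.

```python
import ipaddress

def parse_spec(tokens):
    """Consume one ASA address spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "<address> <netmask>" form, e.g. 192.0.1.0 255.255.255.0
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]

def exemption_entries(config, acl_name):
    """Yield (source, destination) for each 'extended permit ip' entry."""
    for line in config.splitlines():
        t = line.split()
        if t[:5] == ["access-list", acl_name, "extended", "permit", "ip"]:
            src, rest = parse_spec(t[5:])
            dst, _ = parse_spec(rest)
            yield src, dst

def covers_vpn_pool(config, acl_name, inside_net, vpn_pool):
    """True if some entry matches inside_net -> the whole vpn_pool."""
    inside = ipaddress.ip_network(inside_net)
    pool = ipaddress.ip_network(vpn_pool)
    return any(inside.subnet_of(src) and pool.subnet_of(dst)
               for src, dst in exemption_entries(config, acl_name))

ACL = "inside_nat0_outbound_1"
INSIDE = "192.0.0.0/255.255.255.0"    # internal LAN from the first post
VPN_POOL = "192.0.1.0/255.255.255.0"  # VPN client pool from the first post

# Constructed "before": source and destination swapped (hypothetical).
BEFORE = f"access-list {ACL} extended permit ip 192.0.1.0 255.255.255.0 any"
# "After": the line given in the answer above.
AFTER = f"access-list {ACL} extended permit ip any 192.0.1.0 255.255.255.0"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        ok = covers_vpn_pool(cfg, ACL, INSIDE, VPN_POOL)
        print(f"{label}: exemption covers inside -> VPN pool: {ok}")
```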
10-01-2010 01:31 AM
Hi Jennifer
Thank you for the quick response, but I still don't have local LAN access.
When I'm connected, my default gateway that I get from the ASA is the same as the IP address I get from the ASA.
Connection-specific DNS Suffix . : xxxxxxxxxxxxxxxxx
IP Address. . . . . . . . . . . . : 192.0.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.0.1.2
Is this correct? It seems odd, but I don't know much about VPNs, as you may already know.
Thanks for all the help
10-01-2010 01:34 AM
Yes, that is OK. From the statistics page, your VPN client is sending the traffic towards the ASA, but no traffic is returning.
Can you share the output of:
show crypto ipsec sa
Can you ping the ASA inside interface from vpn client?
10-01-2010 01:35 AM
Also, enable this command:
crypto isakmp nat-traversal
10-01-2010 01:40 AM
10-01-2010 01:43 AM
Is ping to 192.0.0.40 successful?
10-01-2010 01:46 AM
Yes, now ping to 192.0.0.40 is successful.
10-01-2010 01:48 AM
Perfect.
What other hosts are you trying to access internally? Ping as well? You might want to check if a personal firewall is turned on on the inside host, as it normally blocks incoming/inbound traffic from other subnets.
10-01-2010 02:02 AM
10-01-2010 02:05 AM
Great, thanks for the update. Please kindly mark the post as answered.