03-25-2014 07:40 PM
Hi all!
I have set up VPN on my 5515-X and I can log in from the internet, and I get an IP address from the DHCP server, but I cannot ping or access anything on any VLANs or the internet. My workstation on the inside can ping the VPN client.
I want the VPN clients to access 2 VLANs: vlan3+4.
DHCP scope for vpn clients: 172.16.0.10 - 172.16.0.49
I think I have a problem with my NAT or access rules.
Under the AnyConnect connection profile I have set the "Bypass interface access lists for inbound VPN sessions" option ... does this mean I don't have to set access rules for this traffic?
And I have this NAT rule:
nat (inside,vlan3) source static any any destination static NETWORK_OBJ_172.16.0.0_25 NETWORK_OBJ_172.16.0.0_25 no-proxy-arp route-lookup
I think it is something simple I have not set up correctly, and I appreciate any help.
Thanks
Carsten
03-25-2014 07:57 PM
Hi Carsten,
Your picture didn't seem to post properly. Can you post your config? It sounds like an identity NAT issue.
The "bypass access-lists" just means that the VPN traffic will not be filtered by access-lists assigned to the firewall interfaces.
Regards,
Mike
03-25-2014 08:07 PM
nat (inside,vlan3) source static any any destination static NETWORK_OBJ_172.16.0.0_25 NETWORK_OBJ_172.16.0.0_25 no-proxy-arp route-lookup
03-25-2014 08:44 PM
It's impossible for me to determine the issue based on the info you have posted. If you can post a sanitized config, it would help greatly.
Regards,
Mike