03-04-2014 02:27 PM
Hello Guys,
I have an ASA 5505 with two tunnels: one Site-to-Site (between two ASA 5505s), and I also added a VPN for remote access using the Cisco VPN Client. What I discovered is that over the Site-to-Site connection I can reach hosts on the LANs, but using the VPN Client I can only reach the inside interface of the ASA and not the hosts.
Maybe something is missing in my ACLs, but I wasn't able to determine what it is. Would you give me a hand with this?
Attached is my config file. The LAN behind the ASA consists of a couple of VLANs on the segment 192.168.0.0/24, and the VPN Client receives an IP from the segment 10.10.10.X.
Thanks in advance,
03-04-2014 02:38 PM
Hi David,
You are missing a NAT exemption statement.
You need to add this:
access-list noNAT extended permit ip any 10.10.10.0 255.255.255.0
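An added example, not part of the thread or the poster's attached config: a Python check that parses a pre-8.3-style ASA config and reports whether traffic from the inside LAN to the VPN client pool is covered by a NAT exemption ACL. The sample config, the pool name VPNPOOL, the 192.168.1.0/24 remote LAN and the `nat (inside) 0 access-list` binding are assumptions; only the ACL name and the added line come from the answer above.

```python
import ipaddress
import re

# Constructed sample config (not the poster's attached file). Assumes pre-8.3
# ASA syntax, where "nat (inside) 0 access-list <name>" applies NAT exemption.
BEFORE = """\
access-list noNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list noNAT
ip local pool VPNPOOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
"""
AFTER = BEFORE + "access-list noNAT extended permit ip any 10.10.10.0 255.255.255.0\n"


def _take_network(tokens):
    """Consume one ACL address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def exempt_pairs(config):
    """Return (src, dst) networks permitted by ACLs bound with 'nat (...) 0'."""
    bound = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    pairs = []
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) extended permit ip (.+)", line)
        if m and m.group(1) in bound:
            src, rest = _take_network(m.group(2).split())
            dst, _ = _take_network(rest)
            pairs.append((src, dst))
    return pairs


def pool_is_exempt(config, inside, pool):
    """True if traffic from the inside LAN to the VPN pool bypasses NAT."""
    inside, pool = ipaddress.ip_network(inside), ipaddress.ip_network(pool)
    return any(inside.subnet_of(s) and pool.subnet_of(d)
               for s, d in exempt_pairs(config))


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        ok = pool_is_exempt(cfg, "192.168.0.0/24", "10.10.10.0/24")
        print(f"{label}: VPN pool NAT-exempt = {ok}")
```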
03-04-2014 04:20 PM
Dear jjohnston,
You were right, I added the statement and now I can reach the hosts.
Thanks a bunch!