Solved: Re: Routing/NAT not working on ASA with anyconnect

andrewgarlick · ‎02-09-2011

Hi Sorry for the post but seem to hit a snag which I may be completely missing.
I will post the config here however some names have being changed and IP's

I have just sentp Anyconnect on the ASA for VPN

The problem I have is this -

I can connect through anyconnect using an SSL Cert from the ASA,
I authenticate through the Domain contoller fine.
I get a IP address from the pool 192.168.100.1, gateway always seems to be 192.168.100.2
Then I can't access anything on the network I want to get to 170.62.0.0/16

I have attached the Config file

If anyone can tell me what I may be missing it or have done wrong.

JORGE RODRIGUEZ · ‎02-09-2011

Hi ,

In your firewall you route 170.62.0.0/16 through 170.62.4.11 gateway, in this other router 170.62.4.11 could you check if you have a route back for your VPN pool network 192.168.100.0/24, if not add a route back pointing to your asa inside interface ip 170.62.4.22 and try conecting again.

Regards

Jorge Rodriguez

View solution in original post

JORGE RODRIGUEZ · ‎02-09-2011

Hi ,

In your firewall you route 170.62.0.0/16 through 170.62.4.11 gateway, in this other router 170.62.4.11 could you check if you have a route back for your VPN pool network 192.168.100.0/24, if not add a route back pointing to your asa inside interface ip 170.62.4.22 and try conecting again.

Regards

Jorge Rodriguez

andrewgarlick · ‎02-10-2011

Hi - Yes when I stepped back and looked at this and the comments from Cisco saying about the IP Pool in different subnets - I changed it to the Internal LAN with a new IP Pool

I can now ping/connect to all Internal resources.

Thanks