I want to set up AnyConnect on an ASA5505, but I cannot reach anything when I'm connected.
The client must receive a public IP address and all traffic must pass through the VPN tunnel.
The ASA has only one interface connected (outside) and a public IP address.
The public IP subnet for VPN is routed to the ASA.
I don't have any "internal" network and I don't need one.
VPN clients must be able to exchange traffic between them.
My network setup:
- ASA outside IP: x.y.z.19
- IP range allocated to VPN: x.y.z.48 to x.y.z.63
- There is a firewall rule that allows VPN IP range to any and from any to VPN IP range on the "global" interface.
If I establish a VPN connection, I receive an IP address, for example x.y.z.50
Traceroute from external location to x.y.z.50 for example shows x.y.z.19 as last hop, so routing is working properly.
From the VPN client, I cannot ping or reach anything on x.y.z.19 nor 22.214.171.124
Packet tracer in ASDM from x.y.z.50 to 126.96.36.199 shows that the packet can pass.
What am I missing? Do I need to use NAT even if I don't have any inside network?
Thanks for your help!
Yes. You have to enable `same-security-traffic permit intra-interface`, as you come and go via the same interface. You need to do no-NAT with (outside,outside) with your VPN addresses.
Cisco ASA - Remote VPN Client Internet Access
You want 'Option 2'
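
The two changes named in the accepted answer, written out as an added configuration sketch (not posted by anyone in the thread). It assumes ASA software 8.3 or later NAT syntax; the object name VPN-POOL and the group-policy name GP-ANYCONNECT are hypothetical, and x.y.z is the poster's own placeholder prefix.

```text
! Let traffic enter and leave through the same interface (hairpinning).
! Without this, packets from a VPN client that must exit via "outside"
! again (to the Internet or to another VPN client) are dropped.
same-security-traffic permit intra-interface
!
! The routed public range handed out to clients: x.y.z.48 - x.y.z.63 (/28).
object network VPN-POOL
 subnet x.y.z.48 255.255.255.240
!
! Identity NAT ("no-NAT") for the pool on the outside-to-outside path, so
! clients keep their public addresses instead of being translated.
nat (outside,outside) source static VPN-POOL VPN-POOL
!
! Tunnel all client traffic, as the question requires (no split tunnel).
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelall
```

After applying it, `show run same-security-traffic` and `show nat` confirm that both settings are present, and the hit counters in `show nat` show whether client traffic matches the (outside,outside) rule.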