08-25-2014 08:09 AM - edited 02-21-2020 07:47 PM
Hello everyone,
I want to set up AnyConnect on an ASA5505 but I cannot reach anything when I'm connected.
The client must receive a public IP address and all traffic must pass through the VPN tunnel.
The ASA has only one interface connected (outside) and a public IP address.
The public IP subnet for VPN is routed to the ASA.
I don't have any "internal" network and I don't need one.
VPN clients must be able to exchange traffic between them.
My network setup:
- ASA outside IP: x.y.z.19
- IP range allocated to VPN: x.y.z.48 to x.y.z.63
- There is a firewall rule that allows VPN IP range to any and from any to VPN IP range on "global" interface.
If I establish a VPN connection, I receive an IP address, for example x.y.z.50
Traceroute from external location to x.y.z.50 for example shows x.y.z.19 as last hop, so routing is working properly.
From the VPN client, I cannot ping or reach anything on x.y.z.19 nor 8.8.8.8
Packet tracer in ASDM from x.y.z.50 to 8.8.8.8 shows that the packet can pass.
What am I missing? Do I need to use NAT even if I don't have any inside network?
Thanks for your help!
08-26-2014 04:29 AM
Hi,
Yes. You have to enable same-security-traffic permit intra-interface, as you come and go via the same interface... You need to do no-nat with (outside,outside) with your VPN address...
Regards
Karthik
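The two changes named in the reply above, written out as ASA configuration. This is an added example, not part of the original posts: it assumes the ASA 8.3-or-later NAT syntax, the object name VPN-POOL is hypothetical, and x.y.z is the thread's own placeholder prefix.

```cisco
! Added example. Assumes ASA software 8.3+ (object/twice-NAT syntax).
! VPN-POOL is a hypothetical object name; x.y.z is the thread's placeholder.
! The pool x.y.z.48 - x.y.z.63 is a /28, hence mask 255.255.255.240.

! Let traffic enter and leave through the same interface, so that
! client-to-client and client-to-Internet flows can hairpin on outside.
same-security-traffic permit intra-interface

object network VPN-POOL
 subnet x.y.z.48 255.255.255.240

! Identity ("no-nat") rule for hairpinned traffic: the pool keeps its
! public addresses when going outside -> outside.
nat (outside,outside) source static VPN-POOL VPN-POOL

! Checks after applying the change:
show running-config same-security-traffic
show nat
packet-tracer input outside icmp x.y.z.50 8 0 8.8.8.8
```

With intra-interface traffic permitted, the access rules on the outside interface are the only control on what VPN clients can reach, including each other.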
08-26-2014 08:17 AM