04-29-2010 01:16 AM
Hi,
I can connect to the VPN via Cisco VPN Client but I cannot ping any IP from the LAN. I already tried the crypto isakmp nat-traversal 20 but still no luck. I am attaching my config. Hope you can help. Thanks
04-29-2010 04:47 AM
If you have just tested ping through the vpn client connection, then you need to allow icmp inspection as follows:
policy-map global_policy
 class inspection_default
  inspect icmp
With the current configuration, you should be able to access the inside LAN: 10.238.10.0/24
If you also need access to DMZ subnet, then you would need the following:
access-list dmz-nonat permit ip 192.168.238.0 255.255.255.0 10.88.0.0 255.255.255.0
nat (dmz) 0 access-list dmz-nonat
I also notice that you didn't configure split tunnelling, hence you won't be able to browse the internet once connected via vpn. You can either configure split tunnel, or send all traffic (including internet traffic) towards the ASA via the vpn tunnel.
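The two options named in the reply above, written out as an added example that is not part of the original post or the poster's attached config. It uses the pre-8.3 NAT syntax seen in the thread, and it assumes that 10.88.0.0/24 is the VPN client pool (inferred from the dmz-nonat ACL), that the outside interface is named outside, and that PAT uses NAT ID 1. SPLIT_TUNNEL and VPN_GROUP_POLICY are placeholder names.

```cisco
! Added example. SPLIT_TUNNEL and VPN_GROUP_POLICY are placeholders; use the
! group-policy that the remote-access tunnel-group actually references.
!
! Option A: split tunnel. Only the listed subnets go through the tunnel;
! the client's internet traffic leaves through its local gateway and is
! not inspected or logged by the ASA.
access-list SPLIT_TUNNEL standard permit 10.238.10.0 255.255.255.0
! Add the DMZ only if VPN users need it (it also needs the dmz-nonat lines)
access-list SPLIT_TUNNEL standard permit 192.168.238.0 255.255.255.0
group-policy VPN_GROUP_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! Option B: tunnel all traffic and hairpin internet traffic on the ASA.
! Client traffic arrives on outside and leaves on outside, so
! intra-interface forwarding and PAT for the pool are both required.
group-policy VPN_GROUP_POLICY attributes
 split-tunnel-policy tunnelall
same-security-traffic permit intra-interface
! Assumes NAT ID 1 and the interface name "outside"; an existing
! "global (outside) 1 interface" line can be reused.
nat (outside) 1 10.88.0.0 255.255.255.0
global (outside) 1 interface
```

Keep the split-tunnel ACL limited to the subnets VPN users actually need, since every entry is a network reachable from a client that is simultaneously connected to the internet.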
05-06-2010 02:50 PM
Possibly you have a similar issue like this:
https://supportforums.cisco.com/thread/2002837?tstart=0
Please try to manually add a route (you must do this using an administrative command prompt) and ping again.
If you can, you have exactly my same problem; if so, please let me know.
Ciao
05-06-2010 06:24 PM
Hi,
We got it working now by enabling NAT traversal. Thanks for the help.