cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
671
Views
0
Helpful
1
Replies

behind the ASA5505 No Internet Connectivity for the clients

i-explorer
Level 1
Level 1

Hi all,

I want internet for the clients behind the ASA. When i made an entry like:

object network as-us-db11_internet

nat (inside,outside) dynamic nat_usa_pool_72

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

then have the computer internet but the Client vpn connection wont work. i can not connect to the computer over vpn. but vpn connection worked.

Please check my configuration.

1 Reply 1

Herbert Baerten
Cisco Employee
Cisco Employee

Hi IE,

when you apply NAT to your inside network, it will (by default) also be applied to traffic to/from the VPN.

So you need what is called "NAT exemption", i.e. you need to configure the ASA to NOT apply NAT for the VPN traffic.

See this document for an example:

hth

Herbert