ASA 7.2 remote access VPN

m-mneimneh
Level 1

Hi All,

I created a remote access VPN on my ASA through ASDM. The internal LAN is 192.168.14.x; the remote access pool uses 10.254.14.x. My VPN client logs in normally, but once in, I am not able to reach 192.168.14.x. Any tips?

4 Replies

zroth
Level 1

Hi,

It may be that you have not configured the nonat access-list, e.g. access-list nonat perm ip 10.254.14.0 255.255.255.0 10.254.14.0 255.255.255.0

and the command nat (inside) 0 access-list nonat

HtH

Zdenek

zroth
Level 1

Sorry for the mistake,

access-list shall be access-list nonat perm ip 192.168.14.0 255.255.255.0 10.254.14.0 255.255.255.0

Fernando_Meza
Level 7

Hi .. please check:

1.- That your routing is correct. The segment 192.168.14.x should know how to get back to 10.254.14.x. Those returned packets need to reach the inside interface of the ASA.

2.- You might need to enable NAT-T, which is not enabled by default. The command is

crypto isakmp nat-traversal 20

I hope it helps .. please rate it if it does !!!

m-mneimneh
Level 1

Hi guys,

It turned out I needed to add the following to the inside access-list:

access-list inside_acl extended permit ip any 10.254.14.0 255.255.255.0

When applied, I could get responses from 192.168.14.x machines.

Thank you for your contributions.
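
The three checks this thread arrives at (NAT exemption from the LAN to the pool, NAT-T, and an inside ACL that lets replies reach the pool), as an added example that is not part of the original posts: a Python audit of an ASA 7.2-style configuration. The two sample configurations and the 192.168.20.0 network are constructed; ACL matching is simplified to whole-network coverage, and an inside interface with no inbound ACL is treated as passing.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.14.0/24")   # inside LAN named in the thread
POOL = ipaddress.ip_network("10.254.14.0/24")   # VPN client pool named in the thread
ADDR = r"(any|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"^access-list (\S+) (?:extended )?(perm\w*|deny) ip {ADDR} {ADDR}$")

def _net(spec):  # 'any' or 'ADDRESS MASK' -> ip_network
    cidr = "0.0.0.0/0" if spec == "any" else spec.replace(" ", "/")
    return ipaddress.ip_network(cidr, strict=False)

def _permits(acls, name, src, dst):
    """First-match lookup; only entries covering both whole networks are considered."""
    for action, ace_src, ace_dst in acls.get(name, []):
        if src.subnet_of(ace_src) and dst.subnet_of(ace_dst):
            return action.startswith("perm")
    return False  # implicit deny at the end of every ACL

def audit(config):
    acls, nat0, inside_in, nat_t = {}, None, None, False
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            acls.setdefault(m[1], []).append((m[2], _net(m[3]), _net(m[4])))
        elif m := re.match(r"nat \(inside\) 0 access-list (\S+)$", line):
            nat0 = m[1]
        elif m := re.match(r"access-group (\S+) in interface inside$", line):
            inside_in = m[1]
        elif line.startswith("crypto isakmp nat-traversal"):
            nat_t = True
    return {
        "nat_exempt": nat0 is not None and _permits(acls, nat0, LAN, POOL),
        "nat_t": nat_t,
        "inside_acl": inside_in is None or _permits(acls, inside_in, LAN, POOL),
    }

# Constructed sample configs: the state before and after the thread's fixes.
BROKEN = """\
access-list nonat extended permit ip 10.254.14.0 255.255.255.0 10.254.14.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list inside_acl extended permit ip 192.168.14.0 255.255.255.0 192.168.20.0 255.255.255.0
access-group inside_acl in interface inside"""
FIXED = """\
access-list nonat extended permit ip 192.168.14.0 255.255.255.0 10.254.14.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto isakmp nat-traversal 20
access-list inside_acl extended permit ip any 10.254.14.0 255.255.255.0
access-group inside_acl in interface inside"""
if __name__ == "__main__":
    print(audit(BROKEN), audit(FIXED), sep="\n")
```

An inside ACL entry scoped to 192.168.14.0 255.255.255.0 as the source passes the same check as the `any` form used in the thread.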
