08-30-2007 08:43 AM - edited 03-11-2019 04:04 AM
I have an ASA5510 running ios 7.2(2). When a client VPN is established, they are not able to access any server that does not have a static translation built. Is it necessary to build static translations for every server that needs to be accessed, or is there a simpler way of doing this? I've tried the sysopt command and building a vpn-filter under the policy setting; neither seems to help. Any suggestions would be appreciated.
08-30-2007 08:46 AM
Which sysopt command? permit-vpn?
Do your crypto ACLs allow the communication to said servers? Are you using split tunneling?
Can you post a partial config?
08-30-2007 09:04 AM
sysopt connection permit-vpn is the command I used.
This is a client to ASA VPN with no split tunneling.
The ACLs I tried were allowing all traffic from the tunnel-group to the server network.
access-list 10 remark verizonVPN
access-list 10 extended permit ip any 10.3.0.0 255.255.0.0
access-list 10 extended permit ip any 10.2.0.0 255.255.0.0
__________
group-policy verizon attributes
dns-server value 10.3.1.48 207.78.40.49
vpn-simultaneous-logins 10
default-domain value QDINC.net
vpn-filter value 10
________
tunnel-group verizon type ipsec-ra
tunnel-group verizon general-attributes
address-pool qdi
authentication-server-group TACACS+ LOCAL
default-group-policy verizon
tunnel-group verizon ipsec-attributes
pre-shared-key *
08-30-2007 09:34 AM
access-list nat0_acl extended permit ip 10.3.0.0 255.255.0.0 remoteaccess_pool
access-list nat0_acl extended permit ip 10.2.0.0 255.255.0.0 remoteaccess_pool
nat (inside) 0 access-list nat0_acl
Substitute 'remoteaccess_pool' with whatever the IP range is of your actual pool.
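
An offline check for the situation in this thread, added here as an example and not posted by anyone in the thread: it reads a saved ASA 7.x configuration and lists the inside networks that have no `nat (inside) 0` exemption toward the client address pool. The pool range 10.9.9.1-10.9.9.254, the sample config and the function names are assumptions, since the thread never states the pool's addresses.

```python
import ipaddress
import re

# Constructed sample, not from the thread: the pool range is an assumption and
# the 10.2.0.0/16 exemption line is deliberately left out.
SAMPLE_CONFIG = """\
ip local pool qdi 10.9.9.1-10.9.9.254 mask 255.255.255.0
access-list nat0_acl extended permit ip 10.3.0.0 255.255.0.0 10.9.9.0 255.255.255.0
nat (inside) 0 access-list nat0_acl
tunnel-group verizon general-attributes
 address-pool qdi
"""

def net(addr, mask):
    """Build a network object from ASA-style 'address netmask' pairs."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def missing_exemptions(config, inside_nets, iface="inside"):
    """Return the inside networks whose traffic to a VPN pool is not NAT-exempt.

    Only 'permit ip <net> <mask> <net> <mask>' entries are understood;
    'any', 'host' and object-group entries are ignored by this sketch.
    """
    pools = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
             for a, b in re.findall(r"^ip local pool \S+ ([\d.]+)-([\d.]+)", config, re.M)]
    if not pools:
        raise ValueError("no 'ip local pool' line found in config")
    # ACLs bound to NAT id 0 on the given interface are the exemption ACLs.
    acl_names = re.findall(rf"^nat \({iface}\) 0 access-list (\S+)", config, re.M)
    rules = []
    for name in acl_names:
        pat = (rf"^access-list {re.escape(name)} (?:extended )?permit ip "
               r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)")
        rules += [(net(s, sm), net(d, dm)) for s, sm, d, dm in re.findall(pat, config, re.M)]
    missing = []
    for want in map(ipaddress.ip_network, inside_nets):
        for first, last in pools:
            # Exempt only if one rule covers the whole inside net and the whole pool.
            if not any(want.subnet_of(src) and first in dst and last in dst
                       for src, dst in rules):
                missing.append(str(want))
                break
    return missing

if __name__ == "__main__":
    print(missing_exemptions(SAMPLE_CONFIG, ["10.3.0.0/16", "10.2.0.0/16"]))
```
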
08-30-2007 09:48 AM
That seems to have worked.
I thank you kind sir.
David
08-30-2007 09:53 AM
You're welcome... and thanks for the rating.