11-09-2007 12:32 PM - edited 02-21-2020 03:22 PM
Hi all. I have a 5510 that I'm using for both a l2l ipsec tunnel as well as remote access. I've been staring at this thing so long I'm loopy.
My l2l tunnel is up and happy. The hosts can talk to each other.
My RA is happy as far as I can log in with a vpn client. Unfortunately, I am unable to access anything besides the ASA itself when I'm connected. I can't ping the host on the inside.
I need to be able to access the host 10.0.5.10/26 on the inside interface which is 10.0.5.1/26. I've attached the config.
Can anyone see any glaring problems? I think its likely an ACL problem, I'm a little new at this stuff though and I'm not sure if I'm doing it right.
One thing I noticed is that when I check my ipconfig after connecting to the vpn. I get this...
IP Address: 10.0.5.20
Subnet Mask: 255.255.255.192
Default Gateway: 10.0.5.20
That seems like an odd gateway...
Thank You!
Solved! Go to Solution.
11-09-2007 12:40 PM
Add..
isakmp nat-traversal
Also, change your vpn client pool to another subnet. It should not be on the same subnet as your inside.
ip local pool gsa 10.0.6.0-10.0.6.254 mask 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.5.0 255.255.255.192 10.0.6.0 255.255.255.0
Please rate helpfulp posts.
11-09-2007 12:40 PM
Add..
isakmp nat-traversal
Also, change your vpn client pool to another subnet. It should not be on the same subnet as your inside.
ip local pool gsa 10.0.6.0-10.0.6.254 mask 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.5.0 255.255.255.192 10.0.6.0 255.255.255.0
Please rate helpfulp posts.
11-09-2007 12:44 PM
Thanks for the reply. I added that command but it doesn't appear to have made a difference.
11-09-2007 12:45 PM
I edited my post above.
11-09-2007 01:12 PM
Good deal, thanks for the help! I've been burned by the subnet rule before. I should've known.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: