
ASA 5520 without split tunnel local LAN access

bws
Level 1

Hi,

Can anyone help me? How can I set up the ASA VPN client to be able to access network 10.50.0.0, which is behind the ASA (my VPN box)? I am currently able to VPN to this box, but beyond it I can't do anything. Please see the attached config.

5 Replies

timkaye
Level 1

Hello.

You need to NOT NAT traffic between these subnets.

This can be achieved by applying the following configuration.

access-list acl-nat-zero extended permit ip 10.50.0.0 255.255.0.0 10.11.11.0 255.255.255.0

nat (inside) 0 access-list acl-nat-zero

Hope this helps.

Tim
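
A way to check offline that a saved configuration actually contains the NAT exemption from the reply above. This is an added example, not part of the original thread: the function names and the second ACL line are constructed, and it only handles the `nat (if) 0 access-list` form with network/mask entries shown here.

```python
import ipaddress
import re

# Constructed sample: the two lines from the reply plus one unrelated ACL entry.
SAMPLE_CONFIG = """\
access-list acl-nat-zero extended permit ip 10.50.0.0 255.255.0.0 10.11.11.0 255.255.255.0
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
nat (inside) 0 access-list acl-nat-zero
"""

# Only "permit ip <net> <mask> <net> <mask>" entries are understood (assumption).
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse_exemptions(config):
    """Return {interface: [(src_net, dst_net), ...]} for each nat 0 binding."""
    acls, bound = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                    ipaddress.ip_network(f"{dst}/{dmask}", strict=False))
            acls.setdefault(name, []).append(pair)
            continue
        m = NAT0_RE.match(line)
        if m:
            bound[m.group(1)] = m.group(2)
    # A nat 0 statement that names a missing ACL exempts nothing.
    return {ifc: acls.get(name, []) for ifc, name in bound.items()}


def is_exempt(exemptions, interface, src, dst):
    """True if src -> dst lies wholly inside one exempted pair on interface."""
    src = ipaddress.ip_network(src)
    dst = ipaddress.ip_network(dst)
    return any(src.subnet_of(s) and dst.subnet_of(d)
               for s, d in exemptions.get(interface, []))


if __name__ == "__main__":
    ex = parse_exemptions(SAMPLE_CONFIG)
    for src in ("10.50.0.0/16", "172.16.21.1/32"):
        print(src, "->", "10.11.11.0/24", is_exempt(ex, "inside", src, "10.11.11.0/24"))
```

The check is directional: it answers whether traffic from the inside network to the VPN pool skips NAT, and says nothing about routing on the next hop.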

I did exactly what you said, but it still does not work.

Hello.

Your routing

route inside 10.50.0.0 255.255.0.0 172.16.21.1 1

Does 172.16.21.1 know to route to the firewall 21.14 for the 10.11.11.0/24 network?

Tim

Yes, it does know it.

It's configured so that 10.11.11.0/24 is reachable via 172.16.21.14.

When a user is connected to my ASA via VPN, I can see that when I do show route it shows the below:

S 10.11.11.1 255.255.255.255 [1/0] via 80.227.175.225, outside

Is this normal?

I'd have to check.
