
ASA 5520 without split tunnel local LAN access

bws
Level 1

Hi,

Can anyone help me with how I can set up the ASA VPN client to be able to access network 10.50.0.0, which is behind the ASA (my VPN box)? I am currently able to VPN to this box, but beyond it I can't do anything. Please see the attached config.

5 Replies

timkaye
Level 1

Hello.

You need to NOT NAT traffic between these subnets.

This can be achieved by applying the following configuration.

access-list acl-nat-zero extended permit ip 10.50.0.0 255.255.0.0 10.11.11.0 255.255.255.0

nat (inside) 0 access-list acl-nat-zero

Hope this helps.

Tim

I did exactly what you said but still it does not work. ????

Hello.

Your routing

route inside 10.50.0.0 255.255.0.0 172.16.21.1 1

Does 172.16.21.1 know to route to the firewall 21.14 for the 10.11.11.0/24 network?

Tim

Yes it does know it.

It's configured so that 10.11.11.0/24 is reachable via 172.16.21.14.

When a user is connected to my ASA via VPN, I can see that when I do show route it shows the below:

S 10.11.11.1 255.255.255.255 [1/0] via 80.227.175.225, outside

Is this normal?

I'd have to check.
