ASA + Allow VPN users Access to networked resources

Unanswered Question
Feb 18th, 2008

Hello All,

I am attempting to allow remote vpn users access to a "shared drive" but I am running into problems. I have established the following:

1) A successful VPN connection

2) VPN users get IP addresses in the following range: 192.168.1.0/24

When I attempt to allow the users access to the internal network which is on the 10.88.0.0 subnet, it errors out.

However, I am able to successfully get out to the Internet after I VPN into my network but I JUST CANNOT access the shared drive.

The following information might be relevant:

ASA version 7.7(2)

On Static NAT for the Domain Controller

Internal: 10.88.0.2

External: 12.x.x.x

Firewall

Internal: 10.88.0.4

External: 12.x.x.x.

I have also attached a screenshot of the "Packet Trace" I performed. The error says it is a NATing issue. Any help would be appreciated. Thanks.

cisco24x7 Mon, 02/18/2008 - 11:20

access-list nonat permit ip 10.88.0.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat

isakmp nat-t 10

Your VPN will work after that.

CCIE Security
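
Added example, not part of the original posts or Cisco's tooling: `nat (inside) 0 access-list nonat` tells the ASA to leave traffic matching the `nonat` ACL untranslated, and this Python sketch models that match so a config can be checked for whether a given flow is exempt and whether the exemption is wider than the VPN pool needs. The sample config is constructed from the addresses in the thread; the function names and the /16 "too broad" threshold are assumptions, and `deny` entries are ignored for brevity.

```python
import ipaddress

# Constructed sample in ASA 7.x syntax, using the subnets from the thread.
SAMPLE_CONFIG = """\
access-list nonat permit ip 10.88.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def _take(tok):
    """Consume one address spec (any | host A | NET MASK) from a token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def parse_exemptions(config):
    """Return {interface: [(src_net, dst_net)]} for ACLs bound by 'nat (if) 0 access-list'."""
    acls, bound = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) > 4 and tok[0] == "access-list" and "permit" in tok:
            rest = tok[tok.index("permit") + 1:]
            if rest[0] != "ip":          # only plain IP entries are modelled
                continue
            src, rest = _take(rest[1:])
            dst, _ = _take(rest)
            acls.setdefault(tok[1], []).append((src, dst))
        elif len(tok) >= 5 and tok[0] == "nat" and tok[2:4] == ["0", "access-list"]:
            bound.setdefault(tok[1].strip("()"), []).append(tok[4])
    # Resolve bindings last so ACL and nat lines may appear in either order.
    return {ifc: [ace for name in names for ace in acls.get(name, [])]
            for ifc, names in bound.items()}

def is_exempt(exemptions, ifc, src, dst):
    """True if a flow entering on `ifc` from src to dst bypasses NAT."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in exemptions.get(ifc, []))

def overly_broad(exemptions, max_prefix=16):
    """List entries whose source or destination is wider than /max_prefix (e.g. 'any')."""
    return [(ifc, str(sn), str(dn))
            for ifc, aces in exemptions.items() for sn, dn in aces
            if min(sn.prefixlen, dn.prefixlen) < max_prefix]

if __name__ == "__main__":
    ex = parse_exemptions(SAMPLE_CONFIG)
    print(is_exempt(ex, "inside", "10.88.0.2", "192.168.1.10"), overly_broad(ex))
```
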

najeebsyed2 Mon, 02/18/2008 - 13:09

Thank you very much. It worked!! Can you explain this command? I know it created a NAT exemption but I am clueless as to what it exactly means. Thanks!!!
