ASA + Allow VPN users Access to networked resources

najeebsyed2 · ‎02-18-2008

Hello All,

I am attempting to allow remote vpn users access to a "shared drive" but I am running into problems. I have established the following:

1) A successfull VPN connection

2) VPN users get IP addresses in the following range: 192.168.1.0/24

When I attempt to allow the users access to the internal network which is on the 10.88.0.0 subnet, it errors out.

However, I am able to succesfully get out to the Internet after I VPN into my network but I JUST CANNOT access the shared drive.

The following information might be relavent:

ASA version 7.7(2)

On Static NAT for the Domain Controller

Internal: 10.88.0.2

External: 12.x.x.x

Firewall

Internel: 10.88.0.4

External: 12.x.x.x.

I have also attached a screen shot of the "Packet Trace" I performed. The error says it is a NATing issue. Any help would be appriciated. Thanks.

acomiskey · ‎02-18-2008

Could you post the config?

cisco24x7 · ‎02-18-2008

access-list nonat permit ip 10.88.0.0/24 192.168.1.0/24

nat (inside) 0 access-list nonat

isakmp nat-t 10

Your vpn will work after that.

CCIE Security

najeebsyed2 · ‎02-18-2008

Please see attachment for config.

najeebsyed2 · ‎02-18-2008

Thank you very much. It worked !! Can you explain this command? I know it created a NAT exemption but I am clueless as to what it exactly means. Thanks !!!