ASA 5510 VPN, no internet

Unanswered Question
Apr 4th, 2008
User Badges:

Thanks for everyones help so far as I am very close to my goals but now I am stuck on something else.

I have internet access but when I connect to my network via VPN I can not get to the internet (via http/ping etc) I get Address translation but no connection. I can connect to everything internally just fine.

I have tried with split tunneling or without, neither help. I have a line in my ACL permitting http and can HTTP into a machine on our internal network.

Any suggestions, anything more useful to post for assistance?

Thanks to all for your help.

Newbie Moe.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
acomiskey Fri, 04/04/2008 - 12:14
User Badges:
  • Green, 3000 points or more


same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

shawnreis Fri, 04/04/2008 - 12:25
User Badges:

I love the quick responses around here.. I didn't have time to grab a coffee.

So for the

nat (outside) XXXXXXXX

Would it be my internal network subnet?

acomiskey Fri, 04/04/2008 - 12:32
User Badges:
  • Green, 3000 points or more

No, it would be the vpn client subnet from your ip pool. For instance if client pool is

nat (outside) 1

acomiskey Fri, 04/04/2008 - 12:36
User Badges:
  • Green, 3000 points or more

Or you could use split tunneling...

access-list split_tunnel standard permit ip

group-policy attributes

split-tunnel-policy tunnel-specified

split-tunnel-network-list value split_tunnel

shawnreis Fri, 04/04/2008 - 12:37
User Badges:

Our current IP pool is a portion of our internal network X.X.32.100 x.x.32.127 (fully routable not 192, 172, 10.10 address. ) does that matter?

acomiskey Fri, 04/04/2008 - 12:43
User Badges:
  • Green, 3000 points or more

Your vpn pool should never be part of your internal subnet.

shawnreis Wed, 04/09/2008 - 06:42
User Badges:

Actually my DHCP range was on its on subnet.

I have resolved this issue and thanks for your help.

I was creating the Split Tunneling and creating the ACL/ACE for it but was not actually enabling it on any VPN group.


This Discussion