04-04-2008 12:11 PM - edited 02-21-2020 03:39 PM
Thanks for everyone's help so far. I am very close to my goals, but now I am stuck on something else.
I have internet access, but when I connect to my network via VPN I cannot get to the internet (via http/ping etc.). I get address translation but no connection. I can connect to everything internally just fine.
I have tried with and without split tunneling; neither helps. I have a line in my ACL permitting http and can HTTP into a machine on our internal network.
Any suggestions, anything more useful to post for assistance?
Thanks to all for your help.
Newbie Moe.
04-04-2008 12:14 PM
Try...
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (outside) 1
04-04-2008 12:25 PM
I love the quick responses around here.. I didn't have time to grab a coffee.
So for the
nat (outside) XXXXXXXX
Would it be my internal network subnet?
04-04-2008 12:32 PM
No, it would be the vpn client subnet from your ip pool. For instance if client pool is 192.168.10.0/24...
nat (outside) 1 192.168.10.0 255.255.255.0
04-04-2008 12:36 PM
Or you could use split tunneling...
access-list split_tunnel standard permit ip
group-policy
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
04-04-2008 12:38 PM
Tried split tunnel and got the same results.
04-04-2008 12:37 PM
Our current IP pool is a portion of our internal network, X.X.32.100 - x.x.32.127 (fully routable, not a 192, 172, or 10.10 address). Does that matter?
04-04-2008 12:43 PM
Your vpn pool should never be part of your internal subnet.
04-09-2008 06:42 AM
Actually my DHCP range was on its own subnet.
I have resolved this issue and thanks for your help.
I was creating the Split Tunneling and creating the ACL/ACE for it but was not actually enabling it on any VPN group.
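Added example, not part of the original thread: a small Python check for the failure mode described in the last post, where a split-tunnel ACL exists in the ASA configuration but no group-policy actually enables it. The sample configuration, the names `VPN_USERS` and `audit_split_tunnel`, and the addresses are constructed for illustration; the check assumes split-tunnel lists are standard ACLs and does not verify that the group-policy is assigned to a tunnel-group or user.

```python
import re

def audit_split_tunnel(config):
    """Return (effective_policies, problems) for split tunneling in an ASA config."""
    acls, standard, policies, section = set(), set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line starts a new top-level command
            section = None
            if m := re.match(r"access-list (\S+) (\S+) ", line):
                acls.add(m.group(1))
                if m.group(2) == "standard":  # assumption: split lists are standard ACLs
                    standard.add(m.group(1))
            elif m := re.match(r"group-policy (\S+) attributes$", line):
                section = policies.setdefault(m.group(1), {})
        elif section is not None:  # indented line inside "group-policy NAME attributes"
            if m := re.match(r"split-tunnel-policy (\S+)$", line):
                section["mode"] = m.group(1)
            elif m := re.match(r"split-tunnel-network-list value (\S+)$", line):
                section["acl"] = m.group(1)
    effective, problems, used = [], [], set()
    for name, p in sorted(policies.items()):
        used.add(p.get("acl"))
        if p.get("mode") != "tunnelspecified":
            if p.get("acl"):
                problems.append(f"{name}: network list set but policy is not tunnelspecified")
        elif p.get("acl") not in acls:
            problems.append(f"{name}: tunnelspecified but network list is not a defined ACL")
        else:
            effective.append(name)
    problems += [f"ACL {a}: defined but not applied in any group-policy"
                 for a in sorted(standard - used)]
    return effective, problems

# Constructed sample: the ACL exists, but the group-policy never enables split tunneling.
BROKEN = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-list split_tunnel standard permit 10.20.32.0 255.255.255.0
group-policy VPN_USERS internal
group-policy VPN_USERS attributes
 dns-server value 10.20.32.5
"""
# Same config with the two group-policy lines that put the ACL into effect.
FIXED = BROKEN + " split-tunnel-policy tunnelspecified\n split-tunnel-network-list value split_tunnel\n"

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_split_tunnel(cfg))
```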