04-04-2008 12:11 PM - edited 02-21-2020 03:39 PM
Thanks for everyone's help so far, as I am very close to my goals, but now I am stuck on something else.
I have internet access, but when I connect to my network via VPN I cannot get to the internet (via HTTP/ping etc.). I get address translation but no connection. I can connect to everything internally just fine.
I have tried with and without split tunneling; neither helps. I have a line in my ACL permitting HTTP and can HTTP into a machine on our internal network.
Any suggestions, anything more useful to post for assistance?
Thanks to all for your help.
Newbie Moe.
04-04-2008 12:14 PM
Try...
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (outside) 1
04-04-2008 12:25 PM
I love the quick responses around here.. I didn't have time to grab a coffee.
So for the
nat (outside) XXXXXXXX
Would it be my internal network subnet?
04-04-2008 12:32 PM
No, it would be the VPN client subnet from your IP pool. For instance, if the client pool is 192.168.10.0/24...
nat (outside) 1 192.168.10.0 255.255.255.0
04-04-2008 12:36 PM
Or you could use split tunneling...
access-list split_tunnel standard permit ip
group-policy
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
04-04-2008 12:38 PM
Tried split tunnel and got the same results.
04-04-2008 12:37 PM
Our current IP pool is a portion of our internal network, X.X.32.100 - x.x.32.127 (fully routable, not a 192, 172, or 10.10 address). Does that matter?
04-04-2008 12:43 PM
Your VPN pool should never be part of your internal subnet.
04-09-2008 06:42 AM
Actually, my DHCP range was on its own subnet.
I have resolved this issue and thanks for your help.
I was creating the Split Tunneling and creating the ACL/ACE for it but was not actually enabling it on any VPN group.
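The root cause in the last post (a split-tunnel ACL that exists but is not enabled on any VPN group) can be checked offline against a saved configuration. The following is an added example, not code from anyone in this thread: the sample config, its names and addresses, and the function `audit_split_tunnel` are constructed for illustration, and it assumes group policies are assigned in the local config rather than by an external AAA server.

```python
# Constructed ASA-style config; all names and addresses are made up.
SAMPLE = """\
access-list split_tunnel standard permit 10.1.0.0 255.255.0.0
access-list spare_split standard permit 10.2.0.0 255.255.0.0
group-policy VPN_GP internal
group-policy VPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
group-policy LAB_GP internal
group-policy LAB_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missing_acl
tunnel-group VPN_TG general-attributes
 default-group-policy VPN_GP
"""

def audit_split_tunnel(config):
    """List split-tunnel settings that exist in the config but never take effect."""
    acls, policies, current = set(), {}, None
    bound = {"DfltGrpPolicy"}                 # implicit default policy is always in use
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):          # a top-level command ends any sub-mode
            current = None
            if words[0] == "access-list" and words[2:3] == ["standard"]:
                acls.add(words[1])
            elif words[0] == "group-policy" and words[2:3] == ["attributes"]:
                current = policies.setdefault(words[1], {})
        elif words[0] in ("default-group-policy", "vpn-group-policy"):
            bound.add(words[1])               # policy attached to a tunnel-group or user
        elif current is not None and words[0] == "split-tunnel-policy":
            current["mode"] = words[1]
        elif current is not None and words[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = words[2]
    used = {p.get("acl") for p in policies.values()}
    findings = [f"ACL {a}: not referenced by any group-policy" for a in sorted(acls - used)]
    for name, p in sorted(policies.items()):
        if p.get("mode") == "tunnelspecified" and p.get("acl") not in acls:
            findings.append(f"group-policy {name}: network list {p.get('acl')} is not a defined standard ACL")
        if name not in bound:
            findings.append(f"group-policy {name}: not attached to any tunnel-group or user")
    return findings

if __name__ == "__main__":
    for finding in audit_split_tunnel(SAMPLE):
        print(finding)
```
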