
ASA 5510 VPN, no internet

shawnreis
Level 1

Thanks for everyone's help so far, as I am very close to my goals, but now I am stuck on something else.

I have internet access, but when I connect to my network via VPN I cannot get to the internet (via http/ping etc.). I get address translation but no connection. I can connect to everything internally just fine.

I have tried with split tunneling or without, neither help. I have a line in my ACL permitting http and can HTTP into a machine on our internal network.

Any suggestions, anything more useful to post for assistance?

Thanks to all for your help.

Newbie Moe.

8 Replies

acomiskey
Level 10

Try...

same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

I love the quick responses around here.. I didn't have time to grab a coffee.

So for the

nat (outside) XXXXXXXX

Would it be my internal network subnet?

No, it would be the vpn client subnet from your ip pool. For instance if client pool is 192.168.10.0/24...

nat (outside) 1 192.168.10.0 255.255.255.0

Or you could use split tunneling...

access-list split_tunnel standard permit ip

group-policy attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

Tried split tunnel and got the same results.

Our current IP pool is a portion of our internal network X.X.32.100 x.x.32.127 (fully routable, not a 192, 172, 10.10 address). Does that matter?

Your vpn pool should never be part of your internal subnet.

Actually my DHCP range was on its own subnet.

I have resolved this issue and thanks for your help.

I was creating the Split Tunneling and creating the ACL/ACE for it but was not actually enabling it on any VPN group.
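The root cause reported above (a split-tunnel ACL that exists but is never applied to a VPN group) can be caught by checking a saved configuration. The following is an added example, not part of the original thread: the sample config, its names and its subnets are constructed, only standard ACLs are treated as split-tunnel lists, and group-policy inheritance is not modelled.

```python
# Added example: audit an ASA config for split tunneling that is defined but never applied.
# Constructed sample config (not from the thread); all names and subnets are made up.
SAMPLE_CONFIG = """\
access-list split_tunnel standard permit 10.1.0.0 255.255.0.0
access-list unused_split standard permit 10.2.0.0 255.255.0.0
group-policy vpn_users attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
tunnel-group remote_staff general-attributes
 default-group-policy vpn_users
tunnel-group contractors general-attributes
 address-pool vpn_pool
"""

def parse(config):
    """Return (standard ACL names, group-policy attrs, tunnel-group attrs)."""
    acls, policies, groups, section = set(), {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if raw[0].isspace():                      # indented line: sub-command of the open section
            if section is not None:
                section[words[0]] = words[-1]
            continue
        section = None                            # top-level command closes any open section
        if words[0] == "access-list" and words[2:3] == ["standard"]:
            acls.add(words[1])
        elif words[0] == "group-policy" and words[2:3] == ["attributes"]:
            section = policies.setdefault(words[1], {})
        elif words[0] == "tunnel-group" and words[2:3] == ["general-attributes"]:
            section = groups.setdefault(words[1], {})
    return acls, policies, groups

def audit(config):
    """List tunnel-groups whose clients are not split tunneled, and ACLs no policy uses."""
    acls, policies, groups = parse(config)
    findings = []
    for name, attrs in sorted(groups.items()):
        # Assumption: a group with no default-group-policy uses DfltGrpPolicy, and an
        # unset split-tunnel-policy means tunnelall (policy inheritance is not modelled).
        pol_name = attrs.get("default-group-policy", "DfltGrpPolicy")
        pol = policies.get(pol_name, {})
        if pol.get("split-tunnel-policy", "tunnelall") != "tunnelspecified":
            findings.append(f"tunnel-group {name}: policy {pol_name} tunnels all traffic")
        elif pol.get("split-tunnel-network-list") not in acls:
            findings.append(f"tunnel-group {name}: policy {pol_name} names a missing ACL")
    used = {p.get("split-tunnel-network-list") for p in policies.values()}
    findings += [f"access-list {a}: not referenced by any group-policy" for a in sorted(acls - used)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```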
