I followed this guide to setup my vpn using the CLI:
My setup is pretty basic except that I use radius authentication.
Right now, I can connect, the authentication works, the split tunneling works, but I can't access the inside LAN. I see the packets go in but they can't get out. I've been looking around for a while I can't figure out how to permit the packets back on the tunnel.
trying a ftp connection:
My logs show:
Built inbound UDP connection 4460548 for outside:192.168.1.200/63414 (192.168.1.200/63414) to inside:srv-office1/53 (srv-office1/53) (user)
Teardown UDP connection 4460451 for outside:192.168.1.200/53943 to inside:srv-office1/53 duration 0:02:08 bytes 245 (user)
If I packet trace 192.168.1.200 (vpn client) to 192.168.1.10 (srv-office1) with ftp it shows that flow is denied by configured rule.
The rule is inside
2 any any ip Deny Default Implicit rule
So I'm guessing I'm missing a rule somewhere...
Someone pointed me to
sysopt connection permit-vpn
but when I run sh run sysopt there is no output. Is it normal?
I attached parts of the configuration.