10-10-2008 12:40 PM - edited 02-21-2020 03:59 PM
Hello experts,
I've got an ASA5510 with 3 VPN L2L and one VPN Remote Access. For the two VPN L2L, Marielle and Aeromique, no problem, but for VPN ASPCANADA, from a host 192.168.100.xx behind the ASA I cannot reach 57.5.64.250 or 251, and conversely. But the tunnel is up. Can you help me please? Thank you in advance.
10-10-2008 01:02 PM
Add these two lines to the NAT 0 access list:
access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.251
access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.250
Also make sure the mirror image of these statements is also in the remote ASA's NAT 0 access-list.
Test and post results
HTH
Saju
Pls rate helpful posts
10-13-2008 03:29 AM
Hi,
Thank you for your reply Singhsaju, I'm expecting the reply from the guy who takes care of the router on the other side :). I'll send you the result ...
Best regards
10-14-2008 04:01 AM
Hi,
OK, every host from LAN ASP-NETWORK can ping the two hosts 57.5.64.250 & 251. Thank you very much. I've got another question for this configuration. For the VPN Remote Access NOMADES, I can reach the hosts in the LAN ASP-NETWORK, but at the same time I can't go on the Internet, or anything public. I added the line "same-security-traffic permit intra-interface" but it's the same thing.
Thank you in advance...
10-14-2008 10:01 AM
Split tunnel is not configured properly.
Can you remove this line from your config:
no crypto dynamic-map NOMADES_DYN_MAP 10 match address NOMADES_DYN_MAP_10
Also modify the following access list:
no access-list NOMADES_DYN_MAP_10
access-list NOMADES_DYN_MAP_10 extended permit ip any ASP-NETWORK 255.255.255.0
The VPN pool in your config overlaps with the inside network. This sometimes causes issues. Try to configure a different network subnet for the VPN pool.
HTH
Saju
Pls rate helpful posts
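Added example (not part of the thread and not the poster's configuration): a Python check for the two conditions raised in the answers above, crypto ACL flows that are missing from the NAT 0 ACL and a VPN pool that overlaps the inside network. The sample config is constructed; ASP-NETWORK = 192.168.100.0, the ACL name crypto_acl_aspcanada and the pool NOMADES_POOL with its range are assumptions.

```python
import ipaddress

# Constructed sample config (not the poster's): ASP-NETWORK is assumed to be
# 192.168.100.0; crypto_acl_aspcanada and NOMADES_POOL are hypothetical names.
NAMES = {"ASP-NETWORK": "192.168.100.0"}
CONFIG = """\
access-list crypto_acl_aspcanada extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.250
access-list crypto_acl_aspcanada extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.251
access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.250
ip local pool NOMADES_POOL 192.168.100.200-192.168.100.220
"""

def _net(tokens):
    """Consume one ACL address spec (any | host A | A MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(NAMES.get(tokens[1], tokens[1]) + "/32"), tokens[2:]
    addr = NAMES.get(tokens[0], tokens[0])
    return ipaddress.ip_network(f"{addr}/{tokens[1]}"), tokens[2:]

def acl_entries(config, name):
    """Return (src, dst) network pairs for 'extended permit ip' lines of one ACL."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if t[:5] == ["access-list", name, "extended", "permit", "ip"]:
            src, rest = _net(t[5:])
            dst, _ = _net(rest)
            entries.append((src, dst))
    return entries

def missing_nat0(config, crypto_acl, nat0_acl):
    """Crypto ACL flows with no covering NAT 0 entry (translated, not exempted)."""
    nat0 = acl_entries(config, nat0_acl)
    return [(s, d) for s, d in acl_entries(config, crypto_acl)
            if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in nat0)]

def pool_overlaps(config, pool, inside):
    """True if the 'ip local pool' range shares addresses with the inside network."""
    inside_net = ipaddress.ip_network(inside)
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["ip", "local", "pool", pool]:
            first, last = (ipaddress.ip_address(a) for a in t[4].split("-"))
            return any(n.overlaps(inside_net)
                       for n in ipaddress.summarize_address_range(first, last))
    return False
```

On the constructed sample, `missing_nat0` reports the flow to 57.5.64.251 as lacking a NAT 0 entry, and `pool_overlaps` flags the pool against 192.168.100.0/24.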
10-15-2008 04:31 AM
Hi Saju
Yep yep yep, it's all good, my friend ...
Thank you for your help, everything is running now.
Best regards...