remote access vpn ip pool cannot access vlan

Unanswered Question
Jan 12th, 2009

We have an IP pool allocated on the firewall (ASA 5520) for remote access VPN. VPN users can access all internal resources with the exception of the following segments:

192.168.200.0/24

There are no ACLs on the VLAN interface to block this traffic; the problem appears to be on the firewall. Here's all the nonat I have for the IP pool segment (10.20.50.0/24):

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.20.99.0 255.255.255.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.200.0 255.255.255.0 10.20.50.0 255.255.255.0

Again, the routing is not the problem.

JORGE RODRIGUEZ Mon, 01/12/2009 - 15:44

What does the ASDM real-time log tell you?

What interfaces in the ASA are these networks coming from?

10.20.99.0/24

192.168.4.0/24

192.168.200.0/24

What do your ASA NAT statements look like in reference to these NAT exempt ACLs? Posting a sanitized config and some logs will help us in giving clues to what the problem could be.

Regards
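
An offline check of the NAT exempt ACL posted in the question, added here as an example (not part of the thread and not a Cisco tool): it parses the five inside_nat0_outbound lines, lists which entries cover a given flow, and flags entries already covered by an earlier one. The function names are hypothetical, and only simple "extended permit/deny ip" entries using any, host or network/mask are handled.

```python
import ipaddress

# NAT exemption ACL lines copied from the question above.
ACL = """\
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.20.50.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.20.99.0 255.255.255.0 10.20.50.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.20.50.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 10.20.50.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.200.0 255.255.255.0 10.20.50.0 255.255.255.0
"""

def take_network(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'network mask'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acl(text):
    """Return [(line_no, action, src_net, dst_net)] for 'extended <action> ip' entries."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "ip":
            continue  # skip anything that is not a plain IP entry
        rest = tok[5:]
        entries.append((n, tok[3], take_network(rest), take_network(rest)))
    return entries

def matching_entries(entries, src, dst):
    """Line numbers of entries whose source and destination both cover the flow."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return [n for n, _, sn, dn in entries if s.subnet_of(sn) and d.subnet_of(dn)]

def shadowed_entries(entries):
    """(line, earlier_line) pairs where an earlier same-action entry already covers the line."""
    out = []
    for i, (n, act, sn, dn) in enumerate(entries):
        for m, act2, sn2, dn2 in entries[:i]:
            if act == act2 and sn.subnet_of(sn2) and dn.subnet_of(dn2):
                out.append((n, m))
                break
    return out

if __name__ == "__main__":
    acl = parse_acl(ACL)
    print("covering lines:", matching_entries(acl, "192.168.200.0/24", "10.20.50.0/24"))
    print("shadowed:", shadowed_entries(acl))
```

Run against the posted lines, the 192.168.200.0/24 to 10.20.50.0/24 flow is covered by entries 3 and 5, and entries 2, 4 and 5 are each covered by an earlier entry.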
