remote access vpn ip pool cannot access vlan

ronshuster
Level 1

We have an IP pool allocated on the firewall (ASA 5520) for remote access VPN. VPN users can access all internal resources with the exception of the following segments:

192.168.200.0/24

There are no ACLs on the VLAN interface to block this traffic; the problem appears to be on the firewall. Here's all the nonat I have for the IP pool segment (10.20.50.0/24):

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.20.99.0 255.255.255.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.200.0 255.255.255.0 10.20.50.0 255.255.255.0

Again, the routing is not the problem.

1 Reply 1

JORGE RODRIGUEZ
Level 10

What does the ASDM real-time log tell you?

What interfaces in the ASA are these networks coming from?

10.20.99.0/24

192.168.4.0/24

192.168.200.0/24

What do your ASA NAT statements look like in reference to these NAT exempt ACLs? Posting a sanitized config and some logs will help us in giving clues to what the problem could be.

Regards

Jorge Rodriguez