I have set up Remote IPSec VPN and it is working just fine. I need to access the connected VPN clients and it is not working. I have already added an entry to the nonat ACL allowing traffic from inside my network to the VPN Network.
Inside net: 10.1.1.0/24
VPN Pool: 172.30.1.0/24
Is it possible to have access originating from my internal net to the VPN users?
Thanks in advance.
VPN Users have access to certain servers thru Split Tunnel list.
Split tunnel ACL should be an IP ACL; it is not recommended or supported to define TCP ports on the split tunnel ACL. The VPN client will only interpret this ACL as full IP rather than TCP ports, and this could be causing you an issue. You might want to change your config to reflect this. As for the split tunnel ACL, it should contain the range of servers/networks that these VPN clients should reach; let me remind you this is bidirectional, as you may know.
So if the IT support IP range is on this vpnExample ACL, the VPN clients will be able to reach the IT support guys and vice versa.
I would advise you to change your split tunnel ACL from specific ports to only the desired servers and hosts these clients need to reach.
Remove the ports from this split tunnel ACL.
If you need to restrict services for those VPN clients, use VPN filters instead.
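The following ASA configuration is an added example illustrating the answer above; it is not from the original post. The addresses are the ones given in the question (inside 10.1.1.0/24, VPN pool 172.30.1.0/24); the object names SPLIT_TUNNEL, VPN_FILTER and RA_POLICY, and the server host 10.1.1.10, are assumptions. The split tunnel list is a standard ACL, which cannot carry ports at all, so the client receives plain networks; service restriction is moved into a vpn-filter ACL bound to the same group policy.

```cisco
! Added example, not from the original thread. Names SPLIT_TUNNEL, VPN_FILTER,
! RA_POLICY and host 10.1.1.10 are assumed; networks come from the question.

! 1) Split tunnel list: networks only, no ports. A standard ACL enforces this.
!    Including the whole inside network makes the tunnel usable in both directions,
!    so inside hosts can reach the VPN clients as well.
access-list SPLIT_TUNNEL standard permit 10.1.1.0 255.255.255.0

! 2) Service restriction goes in a vpn-filter ACL. ACEs are written with the
!    VPN client as source; the ASA evaluates the filter for both directions.
!    Client -> inside: HTTPS to one server, ICMP to the inside network.
access-list VPN_FILTER extended permit tcp 172.30.1.0 255.255.255.0 host 10.1.1.10 eq 443
access-list VPN_FILTER extended permit icmp 172.30.1.0 255.255.255.0 10.1.1.0 255.255.255.0
!    Inside -> client: to allow inside hosts to open RDP to a client, the service
!    port is placed on the client (source) side of the ACE.
access-list VPN_FILTER extended permit tcp 172.30.1.0 255.255.255.0 eq 3389 10.1.1.0 255.255.255.0

! 3) Bind both lists to the group policy used by the remote-access tunnel group.
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 vpn-filter value VPN_FILTER

! 4) NAT exemption between inside and the VPN pool (pre-8.3 syntax), as the
!    question says is already in place.
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 172.30.1.0 255.255.255.0
nat (inside) 0 access-list nonat
```

Anything not permitted by VPN_FILTER is dropped for that group policy, so the filter should be built up from the specific services the clients and the IT support hosts need rather than started from a broad permit. If the group policy has no vpn-filter at all, traffic on the tunnel is only limited by the split tunnel list.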