VPN connection

Feb 3rd, 2009

I am able to access the remote access VPN. After logging in to the VPN connection, I am unable to access the inside network.

rjaaouan Tue, 02/03/2009 - 14:41

Maybe it's a NAT exemption issue. Maybe you need to add the NAT 0 command...

CSCO10320953 Tue, 02/03/2009 - 21:29

Hi All,

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x
interface GigabitEthernet0/1
 description Internet
 nameif Inside
 security-level 100
 ip address x.x.x.x
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.x.x 255.x.x.0
access-list Inside_mpc remark Trafiic for CSC Scan
access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www
access-list Inside_access_in extended permit ip any any log critical
access-list outacc extended permit icmp any any log critical
access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical
access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www
access-list Cisco_splitTunnelAcl standard permit x.x.x.x
access-list Inside_nat0_outbound extended permit x.x.x.x x.x.x.0
access-list Inside_nat0_outbound extended permit x.x.x.x
access-list Inside_nat0_outbound extended permit ip any x.x.x.x
access-list Inside_nat0_outbound extended permit ip any x.x.x.x
access-list Inside_mpc_3 remark csc
access-list aba_splitTunnelAcl standard permit x.x.x.x
access-list management_splitTunnelAcl standard permit x.x.x.x
access-list Outside_access_in remark For vpn connection
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications
ip local pool abavpnpool x.x.x.x-x.x.x.x mask
ip local pool testpool x.x.x.x-x.x.x.x mask
no failover
icmp unreachable rate-limit 1 burst-size 1

global (Outside) 1 x.x.x.x
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1
access-group outacc in interface Outside
access-group Inside_access_in_1 in interface Inside
route Outside x.x.x.x
route Inside x.x.x.x x.x.x.x 1
vpn-group-policy abavpn
tunnel-group abavpn type remote-access
tunnel-group abavpn general-attributes
 address-pool abavpnpool
 default-group-policy abavpn
tunnel-group abavpn ipsec-attributes
 pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
tunnel-group test ipsec-attributes

Tshi M Wed, 02/04/2009 - 08:14


I believe that you need to define a group-policy that will use the defined split tunnel.

group-policy test internal
group-policy test attributes
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
 default-domain value xxx.com
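
Added example, not part of any post in this thread: a small Python lint that reads an ASA-style configuration and reports names that are referenced (by a tunnel-group, a group-policy, a nat 0 statement or an access-group) but never defined, the kind of gap the reply above points at. The sample configuration and its addresses are constructed for illustration, and the function name dangling_references is hypothetical.

```python
import re

# Constructed sample config (not from the thread); addresses are private ranges.
SAMPLE = """\
access-list Cisco_splitTunnelAcl standard permit 10.1.0.0 255.255.0.0
access-list Inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.9.9.0 255.255.255.0
ip local pool testpool 10.9.9.10-10.9.9.50 mask 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Inside_access_in_1 in interface Inside
group-policy abavpn internal
group-policy abavpn attributes
 split-tunnel-network-list value aba_splitTunnelAcl
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
"""

# (kind of object, regex matching its definition, regex matching a reference to it)
RULES = [
    ("access-list", r"^access-list (\S+) ",
     r"^(?:nat \(\S+\) 0 access-list|access-group|split-tunnel-network-list value) (\S+)"),
    ("group-policy", r"^group-policy (\S+) (?:internal|external)",
     r"^default-group-policy (\S+)"),
    ("ip local pool", r"^ip local pool (\S+) ", r"^address-pool (\S+)"),
]

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    missing = set()
    for kind, def_re, ref_re in RULES:
        # Collect every name that has a definition line of this kind.
        defined = {m.group(1) for ln in lines if (m := re.match(def_re, ln))}
        for ln in lines:
            m = re.match(ref_re, ln)
            if m and m.group(1) not in defined:
                missing.add((kind, m.group(1)))
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in dangling_references(SAMPLE):
        print(f"referenced but not defined: {kind} {name}")
```

A clean result only means every referenced name exists; whether the NAT exemption ACL actually covers the VPN pool addresses still has to be checked against the real address ranges.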

