02-03-2009 04:57 AM - edited 03-11-2019 07:45 AM
I am able to access the remote access VPN. After logging in to the VPN connection, I am unable to access the inside network.
02-03-2009 05:10 AM
Post your routing and access-list + NAT
Vlad
02-03-2009 08:15 AM
Is split tunneling enabled on the firewall?
02-03-2009 02:41 PM
Maybe it's a NAT exemption issue. Maybe you need to add the NAT 0 command...
02-03-2009 09:29 PM
Hi All,
interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address x.x.x.x 255.255.255.248
interface GigabitEthernet0/1
description Internet
nameif Inside
security-level 100
ip address x.x.x.x 255.255.255.248
interface Management0/0
nameif management
security-level 100
ip address 10.0.x.x 255.x.x.0
access-list Inside_mpc remark Trafiic for CSC Scan
access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www
access-list Inside_access_in extended permit ip any any log critical
access-list outacc extended permit icmp any any log critical
access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical
access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www
access-list Cisco_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 x.x.x.0 255.255.255.0
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 220.220.220.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.224
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.0
access-list Inside_mpc_3 remark csc
access-list aba_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list management_splitTunnelAcl standard permit x.x.x.x 255.255.252.0
access-list Outside_access_in remark For vpn connection
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications
ip local pool abavpnpool x.x.x.x-x.x.x.x mask 255.255.252.0
ip local pool testpool x.x.x.x-x.x.x.x mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
nat-control
global (Outside) 1 x.x.x.x
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
access-group outacc in interface Outside
access-group Inside_access_in_1 in interface Inside
route Outside 0.0.0.0 0.0.0.0 x.x.x.x
route Inside x.x.x.x 255.255.252.0 x.x.x.x 1
vpn-group-policy abavpn
tunnel-group abavpn type remote-access
tunnel-group abavpn general-attributes
address-pool abavpnpool
default-group-policy abavpn
tunnel-group abavpn ipsec-attributes
pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
address-pool testpool
default-group-policy test
tunnel-group test ipsec-attributes
pre-shared-ke
02-04-2009 08:14 AM
Hi,
I believe that you need to define a group-policy that will use the defined split tunnel.
group-policy test internal
group-policy test attributes
dns-server value x.x.x.x
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Cisco_splitTunnelAcl
default-domain value xxx.com
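The checks suggested in the replies above (NAT exemption for the VPN pool, a group-policy that actually exists for each tunnel-group, ACL names that resolve) can be run mechanically over a saved configuration. The script below is an added example, not part of the original thread or any Cisco tool; the `audit` function, the sample config and all addresses in it are constructed, and it assumes the pre-8.3 `nat (if) 0 access-list` syntax seen in the posted config.

```python
import ipaddress
import re

# Constructed sample modeled on the thread's layout; all addresses are made up.
SAMPLE = """\
access-list Inside_access_in extended permit ip any any
access-list Cisco_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 10.99.1.0 255.255.255.0
ip local pool abavpnpool 10.99.1.10-10.99.1.50 mask 255.255.255.0
ip local pool testpool 10.99.2.10-10.99.2.50 mask 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Inside_access_in_1 in interface Inside
group-policy abavpn internal
group-policy abavpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
tunnel-group abavpn general-attributes
 address-pool abavpnpool
 default-group-policy abavpn
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
"""

def audit(config):
    """Return sorted findings for dangling references and non-exempt VPN pools."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    policies = set(re.findall(r"^group-policy (\S+) internal", config, re.M))
    pool_re = r"^ip local pool (\S+) ([\d.]+)-([\d.]+)"
    pools = {n: (a, b) for n, a, b in re.findall(pool_re, config, re.M)}
    findings = []
    # Every ACL name referenced by access-group, nat 0 or split tunnel must be defined.
    refs = re.findall(r"^(?:access-group|nat \(\S+\) 0 access-list|"
                      r"\s*split-tunnel-network-list value) (\S+)", config, re.M)
    findings += [f"undefined access-list: {n}" for n in refs if n not in acls]
    # Every default-group-policy needs a matching 'group-policy <name> internal'.
    for name in re.findall(r"^\s*default-group-policy (\S+)", config, re.M):
        if name not in policies:
            findings.append(f"undefined group-policy: {name}")
    # Destination networks exempted from NAT (last net/mask pair of each ACL entry).
    exempt = []
    for acl in re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M):
        pat = rf"^access-list {re.escape(acl)} .* ([\d.]+) ([\d.]+)$"
        exempt += [ipaddress.ip_network(f"{n}/{m}", strict=False)
                   for n, m in re.findall(pat, config, re.M)]
    # Both ends of each pool in use must fall inside an exempted destination.
    for pool in re.findall(r"^\s*address-pool (\S+)", config, re.M):
        ends = pools.get(pool)
        if not ends or not all(any(ipaddress.ip_address(a) in n for n in exempt) for a in ends):
            findings.append(f"pool undefined or not NAT-exempt: {pool}")
    return sorted(findings)
```

ACL entries whose destination is `any` are not counted as exemptions here, so a pool covered only by such an entry is reported and needs a manual look.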